<plugin_id>146</plugin_id>
<plugin_name>Microsoft Windows Telnet Server detection</plugin_name>
<plugin_family>Backdoors</plugin_family>
<plugin_created_date>2004/09/06</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.2</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.2</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>23</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists Welcome to Microsoft Telnet Server OR ÿı%ÿûÿûÿı'ÿıÿı</plugin_procedure_detection>
<plugin_detection_accuracy>97</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor. I don't know if the rubbish is saved as secondary pattern does really identify Microsofts Telnet service. Need to be verified.</plugin_comment>
<bug_affected>Microsoft Windows Telnet Daemon</bug_affected>
<bug_not_affected>Other telnet daemons</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The target host is running a Telnet server by Microsoft Windows. This can be determined by the welcome banner of the application. An attacker may get additional data about the target. Also telnet connections are not encrypted and usually authenticated via simple username/password credentials.</bug_description>
<bug_solution>The telnet service, if not needed, should be disabled or if possible firewalled. Upgrade to the latest software version to be not vulnerable anymore. A server daemon should not advertise its version to the world. So disable or change the banner. To get more security, install SSH.</bug_solution>
<bug_fixing_time>Approx. 45 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.nessus.org</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>6</bug_impact>
<bug_risk>7</bug_risk>
<bug_check_tool>Most vulnerability scanners are able to do a similar check.</bug_check_tool>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>