A shocking revelation has come to light, highlighting a critical vulnerability in the GNU InetUtils telnet daemon that has gone unnoticed for over a decade. This vulnerability, with a severity score of 9.8, is not only easy to exploit but also grants attackers root access to target systems.
The bug, introduced in a 2015 update, allows attackers to bypass normal authentication processes by carefully crafting a USER environment value. This vulnerability is a prime example of an argument injection flaw, making exploitation attempts more reliable compared to other complex bugs.
"Exploiting this vulnerability is as simple as running a specific telnet command, which can grant an attacker root access with ease," said Stephen Fewer, a senior principal researcher at Rapid7.
The vulnerability has already been verified by Rapid7 Labs, confirming that exploitation is trivial and results in full root access.
But here's where it gets controversial: Fewer suggests that anyone still running telnetd in 2026 should consider upgrading to a more secure alternative, such as SSH. The program's lack of encryption makes it vulnerable to packet sniffing, allowing attackers to intercept login attempts and sessions.
And this is the part most people miss: despite telnetd falling out of favor years ago, there are still a significant number of active deployments. National cybersecurity authorities in France, Canada, and Belgium have all issued advisories, urging the retirement of telnetd and highlighting the risks of a successful exploit.
So, what can users do? At the very least, update to the latest version of telnetd and restrict access to the telnet port. But the best course of action is to upgrade to a more secure alternative like SSH.
It's time to take action and ensure your systems are secure. Don't become a victim of this critical vulnerability.
- Other recent security news:
- Curl shutters bug bounty program to discourage AI-generated submissions.
- Cloudflare fixes a WAF bypass bug that opened a side door for attackers.
- AI framework flaws put enterprise clouds at risk of takeover.
- RondoDox botnet linked to the exploitation of a critical HPE OneView bug.
What do you think? Is it time to completely phase out telnetd, or can it still have a place in certain environments? Share your thoughts in the comments!
