oss-sec mailing list archives

Re: Re: Telnetd Vulnerability Report

From: Florian Weimer <fweimer () redhat com>
Date: Thu, 26 Feb 2026 11:26:02 +0100

* Marco Moock:

On 24.02.2026 05:05 kf503bla () duck com kf503bla () duck com wrote:

Who uses telnet anyway? It's deprecated. Everyone uses ssh for any
kind of remote access.


In certain situations telnet is still being used, because it is
supported on a wide range of systems, regardless of key (exchange)
algorithms or hash algorithms.


Part of that is that the industry has moved to a threat model where it
is considered more secure to use an unauthenticated, unencrypted channel
rather than one that uses (for example) an HMAC based on SHA-1 for
integrity protection.

Thanks,
Florian

Current thread:

Re: Telnetd Vulnerability Report, (continued)
- - - Re: Telnetd Vulnerability Report Solar Designer (Feb 25)
    - Re: Telnetd Vulnerability Report Steffen Nurpmeso (Feb 25)
    - Re: Telnetd Vulnerability Report Marco Moock (Feb 25)
    - Re: Telnetd Vulnerability Report Steffen Nurpmeso (Feb 25)
    - Re: Telnetd Vulnerability Report Lyndon Nerenberg (VE7TFX/VE6BBM) (Feb 25)
    - Re: Telnetd Vulnerability Report Albert Veli (Feb 26)
    - Re: Telnetd Vulnerability Report Eddie Chapman (Feb 24)
    - Re: Telnetd Vulnerability Report Justin Swartz (Feb 24)
    - Re: Telnetd Vulnerability Report Eddie Chapman (Feb 24)
    - Re: Re: Telnetd Vulnerability Report Marco Moock (Feb 25)
    - Re: Re: Telnetd Vulnerability Report Florian Weimer (Feb 26)