EN
Русский
TCP
Dangerous
Remote Access
Port 23 (Telnet)
Learn about port 23 (Telnet) - security risks, vulnerabilities, and common uses. Find devices with port 23 open.
Quick Info
Port Number
23
Protocol
TCP
Service
Telnet
IANA Name
Telnet
Service Description
TCP port 23 is historically associated with the Telnet protocol, a now largely obsolete protocol used for providing bidirectional interactive text-oriented communication over a network, typically between a client and a server. Telnet enables users to remotely access and control a computer or device as if they were directly connected to it. The protocol operates by establishing a TCP connection to the server on port 23. Once the connection is established, the client and server exchange data as ASCII text, including commands, responses, and user input. The Telnet protocol itself is extremely simple, lacking built-in encryption or authentication mechanisms beyond a basic username and password prompt. This simplicity made it easy to implement but also inherently insecure. The protocol uses Network Virtual Terminal (NVT) data stream which defines a standard character set and control functions to ensure compatibility between different operating systems and terminal types.
At a technical level, Telnet involves the client initiating a TCP handshake with the server on port 23. The server listens for incoming connections on this port. After the handshake, the server typically presents a login prompt. The client sends the username and password (in plain text), which the server validates. If authentication is successful, the server grants the client access to a command-line interface or other applications. The protocol then transmits all subsequent data, including commands and responses, as unencrypted text. Commands such as 'ls', 'cd', 'pwd', or application-specific commands are sent from the client to the server, and the server executes these commands and sends the output back to the client. The connection persists until either the client or server terminates it, usually by sending a specific command like 'exit' or by closing the TCP connection.
## Firewall Recommendations
Telnet should generally be blocked on firewalls, especially on public-facing interfaces. If Telnet is absolutely necessary for legacy systems or specific internal network devices, it should be restricted to a dedicated, isolated network segment with strict access control policies. Consider using SSH (Secure Shell) as a secure alternative to Telnet, as it provides encryption and strong authentication. If Telnet must be used, implement strong passwords, regularly monitor Telnet logs for suspicious activity, and consider wrapping Telnet within a VPN or other secure tunnel to encrypt the traffic. Regularly audit devices running Telnet to ensure they are properly secured and patched against known vulnerabilities. Disabling Telnet entirely is the most secure option if it is not required.
At a technical level, Telnet involves the client initiating a TCP handshake with the server on port 23. The server listens for incoming connections on this port. After the handshake, the server typically presents a login prompt. The client sends the username and password (in plain text), which the server validates. If authentication is successful, the server grants the client access to a command-line interface or other applications. The protocol then transmits all subsequent data, including commands and responses, as unencrypted text. Commands such as 'ls', 'cd', 'pwd', or application-specific commands are sent from the client to the server, and the server executes these commands and sends the output back to the client. The connection persists until either the client or server terminates it, usually by sending a specific command like 'exit' or by closing the TCP connection.
## Firewall Recommendations
Telnet should generally be blocked on firewalls, especially on public-facing interfaces. If Telnet is absolutely necessary for legacy systems or specific internal network devices, it should be restricted to a dedicated, isolated network segment with strict access control policies. Consider using SSH (Secure Shell) as a secure alternative to Telnet, as it provides encryption and strong authentication. If Telnet must be used, implement strong passwords, regularly monitor Telnet logs for suspicious activity, and consider wrapping Telnet within a VPN or other secure tunnel to encrypt the traffic. Regularly audit devices running Telnet to ensure they are properly secured and patched against known vulnerabilities. Disabling Telnet entirely is the most secure option if it is not required.
Security Information
Telnet's primary security risk stems from its lack of encryption. All data transmitted over Telnet, including usernames and passwords, is sent in plain text. This makes it extremely vulnerable to eavesdropping attacks, where an attacker can intercept network traffic and easily capture sensitive credentials. Man-in-the-middle attacks are also easily facilitated due to the lack of authentication and encryption. Attackers commonly target Telnet because it provides direct access to the command-line interface of a device, allowing them to execute arbitrary commands, modify configurations, install malware, or pivot to other systems on the network. The ease of exploitation and the high potential for compromise make Telnet a significant security liability, especially on devices with default or weak passwords.
Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2019-10100 | Telnetd Stack-based Buffer Overflow | Critical | A stack-based buffer overflow vulnerability exists in the telnetd service of multiple embedded devices, allowing a remote attacker to execute arbitrary code by sending a specially crafted string during the authentication process. |
| CVE-2017-14133 | D-Link DSL-2750U Telnet Backdoor Account | High | D-Link DSL-2750U routers have a Telnet service with a hardcoded backdoor account, allowing attackers to gain unauthorized access to the device. |
| CVE-2017-15857 | Multiple D-Link Routers Telnet Command Injection | High | Multiple D-Link routers are vulnerable to command injection via the Telnet service due to insufficient input validation, allowing attackers to execute arbitrary commands. |
| CVE-2013-0166 | OpenSSL Padding Oracle Vulnerability | Medium | While not directly a Telnet vulnerability, if Telnet is wrapped in SSL (which is rare but possible), it could be vulnerable to the OpenSSL Padding Oracle vulnerability, allowing attackers to decrypt data. |
| CVE-2000-0022 | Telnet Buffer Overflow Vulnerability | High | Generic buffer overflow in telnetd service allows remote attackers to cause a denial of service or execute arbitrary commands via a long string. |
Malware Associations
- Mirai botnet
- Bashlite (Gafgyt) botnet
- Qbot
- Mozi botnet
Common Software
- Telnet client (various operating systems)
- Busybox (embedded systems)
- Cisco IOS (older versions)
- HP ProCurve switches (older versions)
- Some legacy network devices
- Certain industrial control systems (legacy)
Find all devices with port 23 open
ScaniteX scans millions of IPs to find devices with specific ports open. Perfect for security research and network auditing.
Start Mass Scanning