I'm just reading this GNU telnetd CVE from last month.
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
Don't miss this explanation of how backbone providers coordinated on this telnetd exploit in advance of the CVE release, and simply blocked port 23 traffic. https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
@waldoj That seems … bad.
-
Don't miss this explanation of how backbone providers coordinated on this telnetd exploit in advance of the CVE release, and simply blocked port 23 traffic. https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
@waldoj I'm not aware of any backbone provider coordination. That rarely happens for blocking anything - and probably the only time I can even recall there was such a widely coordinated port block was with Slammer over 20 years ago.
Another viewpoint here: https://www.terracenetworks.com/blog/2026-02-11-telnet-routing
-
@waldoj I'm not aware of any backbone provider coordination. That rarely happens for blocking anything - and probably the only time I can even recall there was such a widely coordinated port block was with Slammer over 20 years ago.
Another viewpoint here: https://www.terracenetworks.com/blog/2026-02-11-telnet-routing
@jtk Interesting!
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
my first reaction when i read this was "who uses telnet these days" but then realized that this is probably exactly why no one was fixing bugs in telnetd.
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
@waldoj
I suppose most orgs don’t run telnetd on their servers.
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
@waldoj *Wow*, telnetd has been a thing the last 11 years?
telnet client[0], sure, but telnet daemon?
[0] Yeah, yeah, there are other tools now, but my fingers have typed telnet before I've thought of something else or figured out how to spell netcat

-
@waldoj
I suppose most orgs don’t run telnetd on their servers.
@AkaSci Boy, I hope not
-
my first reaction when i read this was "who uses telnet these days" but then realized that this is probably exactly why no one was fixing bugs in telnetd.
I recently heard about a major ICS/OT gear mfg that ships all end devices with telnet open and well known default creds..."for initial configuration."
-
I recently heard about a major ICS/OT gear mfg that ships all end devices with telnet open and well known default creds..."for initial configuration."
RIPE did a document with recommendations for edge devices, including not having default passwords, requiring setting a decent password before starting to route packets, etc. in the early 1990s. sad that vendors are still shipping vulnerable boxes...
-
RIPE did a document with recommendations for edge devices, including not having default passwords, requiring setting a decent password before starting to route packets, etc. in the early 1990s. sad that vendors are still shipping vulnerable boxes...
Grid control devices.
Of course they will never be connected to the internet because segmentation works.
-
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
@waldoj this was a bug implemented many times across many telnet daemons. the first instance was in the 80s...