1

Since Windows 7 release the telnet client is disabled by default on windows,any security reason for that? is enabling telnet client on windows will make it vulnerable for any type of threat?

Mr.lock
  • 345
  • 5
  • 14

3 Answers3

4

The Telnet client does not present much of a security threat in itself though it could be leveraged by some malicious process (virus/malware) to do further damage. It is also disabled as very few users, particularly home users make use of it.

Standard security practice says you should reduce your attack surface as much as possible and that includes disabling tools and services that you do not use.

iainpb
  • 4,142
  • 2
  • 16
  • 35
1

telnet was already banned by other firewalls. The rationale behind that is that the casual Windows user will not use it directly, and it is not used either by common tools. As NT server has no telnet daemon AFAIK, and even Unix-like systems no longer offer a telnetd daemon enabled by default, the main usage of telnet is to test network exchanges at low level. And again this is of no use for the casual user.

Anyway the telnet protocol is one of the oldest network protocol, and enabling a telnet client does not really lower the security of a machine. Simply the less tools are left to the user, the less mistakes he can do with them. And the last assumption behind disabling it, it that a user that really needs it will certainly be able to enable it.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
1

Ages ago, there was an issue of Microsoft's NTLM authentication using telnet. The method involved tricking a browser into launching telnet:// URLs and picking up credential data as Telnet tried to authenticate with the remote system.

https://technet.microsoft.com/en-us/library/security/ms00-067.aspx

It doesn't apply to Windows 7, but it shows that yes, it's possible for MS to turn a telnet client into a security hole.

Details of the outrageously complex protocol which is still in use are here:

https://msdn.microsoft.com/en-us/library/cc247789.aspx

I would like to know if anyone ever found this method of authentication useful.

mgjk
  • 7,535
  • 2
  • 20
  • 34