Does telnet client represent a security threat on Windows?

Yesterday I needed a telnet client to connect to my ADSL router and none of the three Windows Seven computers at my home had it(Win Home Premium 32 PC, Win Professional 64 notebook and Win Ultimate 32 notebook). Fortunately, looking for a way to install telnet again at my machine(the one with Win 7 Prof.) I found an aswear here on SU(just for reference).

This makes me wondering why would Microsoft disable telnet on Windows Seven. As far I remember, it was present and active on Windows Vista and XP on all versions and SKUs.

Should this be for any reason linked to security threat, I mean, could Microsoft be worried about users security on using a telnet client? Wouldn't it be just on a telnet server? There is a true explained reason to that?

Diogo

Posted 2012-03-13T20:21:43.533

Reputation: 28 202

There is another use for a telnet client: to troubleshoot connectivity issues with local and remote running software. – RCross – 2015-12-19T08:32:33.193

Why do you believe it was dropped for security reasons? Why not just the simple fact that almost nobody needs a Telnet client anymore since almost everything has switched over to SSH or HTTP/HTTPS? The people that do need a telnet client almost always want one with more functionality then the built-in crappy client you got with earlier versions of Windows. – Zoredache – 2012-03-13T22:58:35.047

Answers

Having a telnet client isn't a threat in itself, if you're using it within your local network. Telnet was disabled in Windows 7 because it sends usernames and passwords in the clear for authentication. See this thread.

Running a server could constitute a legitimate security risk, but that isn't what you're doing so don't worry about it.

Fopedush

Posted 2012-03-13T20:21:43.533

Reputation: 1 723

1> Telnet was disabled in Windows 7 because it sends usernames and passwords in the clear for authentication. By that token, a web-browser is bad if you enter credit-card info on a site that does not encrypt the connection. Of course if telnet is completely incapable of encrypting a connection… – Synetech – 2012-03-13T22:13:18.060

Telnet is disabled by default on Windows7 for the simple reason that it is sometimes used as a callout mechanism by malware, and is generally not used by ordinary users, and thus a good candidate for disabling-by-default.

Telnet client is not a security risk in-and-of-itself - although you can certainly turn it into one by sending usernames and passwords to servers which will transmit unencrypted over the network.

SecurityMatt

Posted 2012-03-13T20:21:43.533

Reputation: 2 857

1> Telnet is disabled by default on Windows7 for the simple reason that it is sometimes used as a callout mechanism by malware Is that a server or client? – Synetech – 2012-03-13T22:14:02.597

1What malware author can't manage to write the code to open a simple tcp socket? – Zoredache – 2012-03-13T22:59:42.143

@Synetech: The callout mechanism is from the Windows2000 era when malware would fire-up the local telnet server connected to CMD.EXE so the malware author could just telnet in to your machine and be immediately given a command prompt – SecurityMatt – 2012-03-13T23:58:57.527

@Zoredache: Managing and maintaining a TCP socket in x86 assembly is harder than doing an exec("telnet -l > cmd.exe") in x86 assembly. – SecurityMatt – 2012-03-13T23:59:49.770

Fundamentally though, the point is that if a program isn't in use by 99% of your users and it opens up attack surface to make them potentially more vulnerable, you shouldn't have it on by default - and that's why Microsoft have all of those services off-by-default. – SecurityMatt – 2012-03-14T00:01:06.273

The real problem is that Telnet will send all your authentication details (username and password) is clear text, this means anyone with a packet sniff will EASILY be able to see your username and password. Microsoft disabled Telnet by default so that an everyday user will not stumble on to the Telnet feature. There is no security risk in installing Telnet, as it is just used to initiate a remote connection.

Taylor Gibb

Posted 2012-03-13T20:21:43.533

Reputation: 2 579