Conversation

I hear your 1970s remote access program has a problem other than it was designed in the 1970s and isn't encrypted or authenticated?

A few years ago, I discovered that macOS had stopped shipping /usr/bin/telnet and no one noticed, and there's a reason for that.

If -froot is a concern, please ask why.

@adamshostack I've been hunting for unencrypted services (among other things) on LANs for 15+ years and Telnet is still there. Yet the only real-world incident involving network interception I can recall post-2010 is "SSL added and removed here" of Snowden fame (happy to hear about more!), while auth bypasses/RCEs are common culprits in breaches.

Telnet has an awful smell for sure, but when you sit on a smelly network, it's reasonable to ask: "would attackers actually exploit this?" A bypass like this changes the answer.

@buherator I believe there’s a correlation between “running Telnet in prod” and “would fail to notice a bull in their china shop”. I’ve absolutely seen attackers use a lack of encryption (found sniff.c where it shouldn’t have been). Would they use it today? Who knows.

@adamshostack This is the same "smell" I mention: it's likely not just Telnet, meaning that sniffing (which can absolutely happen, just not as often as e.g. admin:admin) is probably pretty low on the priority list. I've also seen higher prio bugs like this finally pushing teams to get rid of the nasty stuff altogether, but that's not always possible (vendor lock-in on critical systems yaay).