A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
import uuid
from telnetlib import STATUS

from locust import HttpUser, between, task
Description
A telnet-related module is being imported. Using telnet is considered insecure.
Consider the following points when using the Telnet protocol:
- Telnet is a plain-text protocol: anyone watching your Telnet packets on the wire will see your username, password, and everything you do on the remote system.
- Telnet uses no authentication policies, which is a huge security threat. Communication between the two hosts can be intercepted in the middle.
Use ssh as an alternative to telnet. It protects user identities, passwords, and data from network snooping attacks, and allows secure logins and file transfers. Use of telnet has been replaced by ssh in almost all cases.
Bad practice
import telnetlib # Sensitive, Import of telnetlib
url = "telnet://[email protected]"
connection = telnetlib.Telnet("somehost") # Sensitive, Using telnet protocol
Recommended
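from paramiko import SSHClient

client = SSHClient()
# Load known_hosts so the server's host key is verified; unknown hosts are rejected by default
client.load_system_host_keys()
# connect() takes a hostname, not a telnet:// URL
client.connect("somehost", username='user', password='secret')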
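To locate remaining telnetlib imports before migrating to SSH, the check described above can be approximated with Python's ast module. This is an added example, not the analyzer's own implementation; `find_telnet_imports`, `TELNET_MODULES` and `SAMPLE` are names assumed here, and the sample source is constructed from the snippet at the top of this page. It also covers dynamic imports, which go beyond the case the page shows.

```python
import ast

TELNET_MODULES = {"telnetlib"}  # module the rule above flags (assumed set for this example)

def find_telnet_imports(source: str, filename: str = "<src>"):
    """Return sorted (line, description) findings for telnet-related imports."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            # import telnetlib / import telnetlib as t
            for alias in node.names:
                if alias.name.split(".")[0] in TELNET_MODULES:
                    findings.append((node.lineno, f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            # from telnetlib import STATUS; level > 0 is a relative import, not the stdlib
            if node.level == 0 and node.module and node.module.split(".")[0] in TELNET_MODULES:
                names = ", ".join(a.name for a in node.names)
                findings.append((node.lineno, f"from {node.module} import {names}"))
        elif isinstance(node, ast.Call):
            # __import__("telnetlib") / importlib.import_module("telnetlib")
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if name in {"__import__", "import_module"} and node.args:
                arg = node.args[0]
                if (isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                        and arg.value.split(".")[0] in TELNET_MODULES):
                    findings.append((node.lineno, f'{name}("{arg.value}")'))
    return sorted(findings)

# Constructed sample input: the flagged snippet from this page plus a dynamic import.
SAMPLE = '''import uuid
from telnetlib import STATUS

from locust import HttpUser, between, task
import importlib
t = importlib.import_module("telnetlib")
import paramiko
'''

if __name__ == "__main__":
    for line, what in find_telnet_imports(SAMPLE):
        print(f"line {line}: {what}: telnet-related module imported")
```

The source is only parsed, never executed, so the check also runs on Python 3.13 and later, where telnetlib has been removed from the standard library.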
References:
- telnetlib module in Python
- Telnet security problems
- Paramiko module
- OWASP Top 10 2021 Category A06 - Vulnerable and Outdated Components
- SANS Top 25
- CWE-200