problem-based-packs.insecure-transport.js-node.telnet-request.telnet-request

profile photo of returntocorpreturntocorp
Author
2,021
Download Count*

Checks for creation of telnet servers or attempts to connect through telnet. This is insecure as the telnet protocol supports no encryption, and data passes through unencrypted.

Run Locally

Run in CI

Defintion

rules:
  - id: telnet-request
    message: Checks for creation of telnet servers or attempts to connect through
      telnet. This is insecure as the telnet protocol supports no encryption,
      and data passes through unencrypted.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://www.npmjs.com/package/telnet
        - https://www.npmjs.com/package/telnet-client
      subcategory:
        - vuln
      technology:
        - node.js
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - javascript
    patterns:
      - pattern-either:
          - pattern-inside: |
              $TEL = require('telnet-client');
              ...
              $SERVER = new $TEL();
              ...
          - pattern-inside: |
              $SERVER = require('telnet');
              ...
      - pattern-either:
          - pattern: |
              $SERVER.on(...)
          - pattern: |
              $SERVER.connect(...)
          - pattern: |
              $SERVER.createServer(...)

Examples

telnet-request.js

const telnet = require('telnet-client');
function bad_telnet1() {
    const server = new telnet();

    // display server response
    // ruleid:telnet-request
    server.on("data", function(data){
        console.log(''+data);
    });

    // login when connected
    // ruleid:telnet-request
    server.on("connect", function(){
        server.write("login <user> <pass>");
    });

    // connect to server
    // ruleid:telnet-request
    server.connect({
        host: "172.16.0.1",
        port: 9600
    });
}

const Telnet = require('telnet-client');
function bad_telnet2() {
    var connection = new Telnet()

    // these parameters are just examples and most probably won't work for your use-case.
    var params = {
    host: '127.0.0.1',
    port: 23,
    shellPrompt: '/ # ', // or negotiationMandatory: false
    timeout: 1500,
    // removeEcho: 4
    }

    // ruleid:telnet-request
    connection.on('ready', function(prompt) {
    connection.exec(cmd, function(err, response) {
        console.log(response)
    })
    })

    // ruleid:telnet-request
    connection.on('timeout', function() {
    console.log('socket timeout!')
    connection.end()
    })
}

var Telnet = require('telnet-client')
function bad_telnet3() {
    var connection = new Telnet()

    // these parameters are just examples and most probably won't work for your use-case.
    var params = {
    host: '127.0.0.1',
    port: 23,
    shellPrompt: '/ # ', // or negotiationMandatory: false
    timeout: 1500,
    // removeEcho: 4
    }

    // ruleid:telnet-request
    connection.connect(params)
    .then(function(prompt) {
    connection.exec(cmd)
    .then(function(res) {
        console.log('promises result:', res)
    })
    }, function(error) {
    console.log('promises reject:', error)
    })
    .catch(function(error) {
    // handle the throw (timeout)
    })
}

var telnet = require('telnet')

function bad_telnet4() {
    // ruleid:telnet-request
    telnet.createServer(function (client) {

    // make unicode characters work properly
    client.do.transmit_binary()

    // make the client emit 'window size' events
    client.do.window_size()

    // listen for the window size events from the client
    client.on('window size', function (e) {
        if (e.command === 'sb') {
        console.log('telnet window resized to %d x %d', e.width, e.height)
        }
    })

    // listen for the actual data from the client
    client.on('data', function (b) {
        client.write(b)
    })

    client.write('connected to Telnet server!')

    }).listen(23)
}