problem-based-packs.insecure-transport.js-node.telnet-request.telnet-request

Checks for creation of telnet servers or attempts to connect through telnet. This is insecure because the telnet protocol supports no encryption, so all data passes over the network in cleartext.
Definition
# Semgrep rule: flags Node.js code that opens a telnet server or a telnet
# client connection through the `telnet` / `telnet-client` npm packages.
# Telnet has no encryption, so everything sent over it (the example fixture
# writes a login line with user and password) crosses the network in
# cleartext -- hence the CWE-319 classification below.
rules:
- id: telnet-request
  message: Checks for creation of telnet servers or attempts to connect through
    telnet. This is insecure as the telnet protocol supports no encryption,
    and data passes through unencrypted.
  severity: WARNING
  metadata:
    likelihood: MEDIUM
    impact: MEDIUM
    confidence: MEDIUM
    category: security
    cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
    owasp: A03:2017 - Sensitive Data Exposure
    references:
    - https://www.npmjs.com/package/telnet
    - https://www.npmjs.com/package/telnet-client
    subcategory:
    - vuln
    technology:
    - node.js
    vulnerability: Insecure Transport
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    vulnerability_class:
    - Mishandled Sensitive Information
  languages:
  - javascript
  patterns:
  # Step 1: bind $SERVER to a telnet handle. Only the CommonJS `require`
  # forms below are recognized; an ESM `import` of either package is not
  # matched by this rule as written.
  - pattern-either:
    # telnet-client: the module export is a constructor that is `new`-ed.
    - pattern-inside: |
        $TEL = require('telnet-client');
        ...
        $SERVER = new $TEL();
        ...
    # telnet: the module export is used directly (see createServer below).
    - pattern-inside: |
        $SERVER = require('telnet');
        ...
  # Step 2: report each use of that handle that registers a handler,
  # opens a client connection, or creates a server.
  - pattern-either:
    - pattern: |
        $SERVER.on(...)
    - pattern: |
        $SERVER.connect(...)
    - pattern: |
        $SERVER.createServer(...)
Examples
telnet-request.js
// CommonJS import of telnet-client; the rule's first `pattern-inside`
// binds this require() result as $TEL and then looks for `new $TEL()`.
const telnet = require('telnet-client');
/**
 * Fixture: telnet-client usage the rule must flag three times -- two
 * `.on(...)` handler registrations and one `.connect(...)`. Each
 * `// ruleid:` annotation marks the line Semgrep's test harness expects
 * a finding on. The login line is written to the socket in cleartext.
 */
function bad_telnet1() {
  const session = new telnet();

  // echo whatever the remote side sends
  // ruleid:telnet-request
  session.on("data", (data) => {
    console.log('' + data);
  });

  // send the login line as soon as the socket is up
  // ruleid:telnet-request
  session.on("connect", () => {
    session.write("login <user> <pass>");
  });

  // open the connection
  // ruleid:telnet-request
  session.connect({
    host: "172.16.0.1",
    port: 9600
  });
}
// Second CommonJS import of telnet-client, bound under a different name
// for the next fixture; the rule binds it as $TEL the same way.
const Telnet = require('telnet-client');
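/**
 * Fixture: telnet-client event-handler usage; the rule must flag both
 * `.on(...)` registrations. Each `// ruleid:` annotation marks the line
 * Semgrep's test harness expects a finding on.
 *
 * Changes from the original fixture: `cmd` was an undeclared free
 * variable and is now an explicit parameter; the unused `params` object
 * is dropped (this fixture never calls `connect`); the `exec` callback
 * no longer ignores its error argument.
 *
 * @param {string} [cmd] - command passed to `exec` once the session is ready
 */
function bad_telnet2(cmd) {
  const connection = new Telnet()
  // ruleid:telnet-request
  connection.on('ready', function (prompt) {
    connection.exec(cmd, function (err, response) {
      // report a failed exec instead of printing an undefined response
      if (err) {
        console.log('exec error:', err)
        return
      }
      console.log(response)
    })
  })
  // ruleid:telnet-request
  connection.on('timeout', function () {
    console.log('socket timeout!')
    connection.end()
  })
}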
// NOTE(review): `const Telnet = require('telnet-client')` already appears
// above on this page; a `var` redeclaration of the same name in one file
// is a SyntaxError, so these examples are presumably separate fixture
// files shown together -- confirm before copying them into a single file.
var Telnet = require('telnet-client')
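/**
 * Fixture: promise-style telnet-client usage; the rule must flag the
 * `.connect(...)` call (the `// ruleid:` annotation marks that line for
 * Semgrep's test harness).
 *
 * Changes from the original fixture: `cmd` was an undeclared free
 * variable and is now an explicit parameter; the inner `exec` promise is
 * returned so its rejection reaches the trailing `.catch`; that `.catch`
 * logs the error instead of swallowing it.
 *
 * @param {string} [cmd] - command passed to `exec` after connecting
 */
function bad_telnet3(cmd) {
  const connection = new Telnet()
  // these parameters are just examples and most probably won't work for your use-case.
  const params = {
    host: '127.0.0.1',
    port: 23,
    shellPrompt: '/ # ', // or negotiationMandatory: false
    timeout: 1500,
    // removeEcho: 4
  }
  // ruleid:telnet-request
  connection.connect(params)
    .then(function (prompt) {
      // returning the chain lets an exec failure fall through to .catch
      return connection.exec(cmd)
        .then(function (res) {
          console.log('promises result:', res)
        })
    }, function (error) {
      console.log('promises reject:', error)
    })
    .catch(function (error) {
      // covers a throw inside the handlers above (e.g. a timeout); the
      // original fixture dropped this silently
      console.log('promises error:', error)
    })
}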
// CommonJS import of the `telnet` (server) package; the rule's second
// `pattern-inside` binds this require() result directly as $SERVER.
// NOTE(review): `const telnet = require('telnet-client')` appears earlier
// on this page; redeclaring it with `var` in the same file would be a
// SyntaxError, so this is presumably a separate fixture file.
var telnet = require('telnet')
/**
 * Fixture: a telnet *server* built with the `telnet` package; the rule
 * must flag the `createServer(...)` call (the `// ruleid:` annotation
 * marks that line for Semgrep's test harness). Everything clients send
 * is echoed back on port 23 in cleartext.
 */
function bad_telnet4() {
  const handleClient = (client) => {
    // make unicode characters work properly
    client.do.transmit_binary()
    // make the client emit 'window size' events
    client.do.window_size()
    // react to the window size events from the client
    client.on('window size', (e) => {
      if (e.command === 'sb') {
        console.log('telnet window resized to %d x %d', e.width, e.height)
      }
    })
    // plain echo of the bytes the client sends
    client.on('data', (b) => {
      client.write(b)
    })
    client.write('connected to Telnet server!')
  }

  // ruleid:telnet-request
  telnet.createServer(handleClient).listen(23)
}
Short Link: https://sg.run/weoA