Microsoft Telnet Server MS-TNAP Authentication Bypass
a year ago
- #Microsoft
- #Security
- #Telnet
- Critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server.
- Allows attackers to gain access as any user, including Administrator, without valid credentials.
- Exploits misconfiguration in NTLM Authentication processes of Telnet MS-TNAP extension.
- Affects Windows 2000 through Windows Server 2008 R2.
- No patch currently available; administrators advised to disable Telnet services immediately.
- Vulnerability stems from flawed SSPI configuration in Telnet Server.
- Exploit involves manipulating mutual authentication process to bypass server-side authentication.
- PoC exploit provided as standalone executable to limit impact.
- Target systems must have Telnet Server service running and network connectivity to target port.
- Recommendations include disabling Telnet, using SSH, and implementing network filtering.
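
The first and third recommendations above, applied to a single host, as an added example that is not part of the original advisory or the researcher's code. It assumes the service name `TlntSvr`, the default Telnet port 23, and an elevated PowerShell 2.0 or later session; the firewall rule name is hypothetical.

```powershell
# Added example: audit, stop and disable the Telnet Server service locally,
# then block inbound Telnet at the host firewall.
# Assumptions: service name 'TlntSvr', default port 23, elevated session.
$ServiceName = 'TlntSvr'
$TelnetPort  = 23
$RuleName    = 'Block-Inbound-Telnet-TCP23'   # hypothetical rule name

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "Telnet Server service ($ServiceName) is not installed."
    return
}
Write-Output ("Before: State={0} StartMode={1}" -f $svc.State, $svc.StartMode)

# Stop the running service and prevent it from starting again.
if ($svc.State -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force -ErrorAction Stop
}
Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop

# netsh advfirewall exists on Windows Vista / Server 2008 and later only.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    netsh advfirewall firewall show rule name=$RuleName | Out-Null
    if ($LASTEXITCODE -ne 0) {
        netsh advfirewall firewall add rule name=$RuleName dir=in `
            action=block protocol=TCP localport=$TelnetPort | Out-Null
    }
}

# Verify the end state: service disabled and nothing listening on the port.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
$listening = netstat -ano -p TCP |
    Select-String -Pattern (":{0}\s+\S+\s+LISTENING" -f $TelnetPort)
Write-Output ("After:  State={0} StartMode={1}" -f $svc.State, $svc.StartMode)
if ($listening) {
    Write-Warning "A process is still listening on TCP $TelnetPort"
    $listening | ForEach-Object { $_.Line.Trim() }
}
```

If the Telnet Server was configured to listen on a non-default port, change `$TelnetPort` to match before running.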