Go Unencrypted Telnet Connection
Description
Detects the use of unencrypted Telnet connections through the go-telnet library in Go applications. Telnet transmits data in plaintext, which can expose sensitive information to network eavesdropping and man-in-the-middle attacks.
Detection Strategy
• Check if the 'github.com/reiver/go-telnet' library is imported in the Go source code
• Look for function calls or expressions that use Telnet-related operations from this library
• Report a vulnerability if Telnet connection functions are used, since they represent an insecure communication channel
Vulnerable code example
package main
import (
"log"
"github.com/reiver/go-telnet"
)
func main() {...✅ Secure code example
package main
import (
"crypto/tls"
"log"
"github.com/reiver/go-telnet"
)
...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.