Do not use telnet without encryption

Metadata

ID: go-security/telnet-request

Language: Go

Severity: Info

Category: Security

CWE: 319

Description

When sending telnet requests, it is important to use Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), to ensure secure communication. Telnet protocol transmits data in plaintext, which means that any information exchanged, including sensitive data like passwords or commands, can be intercepted and read by malicious actors if the connection is not encrypted.

By utilizing SSL/TLS with telnet requests, the data transmitted is encrypted, making it significantly more difficult for unauthorized parties to intercept and read the information being exchanged.

Non-Compliant Code Examples

func main () {
    telnet.DialToAndCall("my.telnet.server:23", caller)
}

Compliant Code Examples

func main () {
    telnet.DialToAndCallTLS("my.telnet.server:992", caller)
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: rtrieu/product-analytics-ui-changes