Do not use telnet without encryption

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: go-security/telnet-request

Language: Go

Severity: Info

Category: Security

CWE: 319

Description

When sending telnet requests, it is important to use Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), to ensure secure communication. Telnet protocol transmits data in plaintext, which means that any information exchanged, including sensitive data like passwords or commands, can be intercepted and read by malicious actors if the connection is not encrypted.

By utilizing SSL/TLS with telnet requests, the data transmitted is encrypted, making it significantly more difficult for unauthorized parties to intercept and read the information being exchanged.

Non-Compliant Code Examples

func main () {
    telnet.DialToAndCall("my.telnet.server:23", caller)
}

Compliant Code Examples

func main () {
    telnet.DialToAndCallTLS("my.telnet.server:992", caller)
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: safchain/fix-custom-agent