Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability

The Telnet daemon shipped with Windows 2000 is susceptible to a trivial denial of service attack if an initiated session is not reset. After a certain interval of time, a telnet session will timeout if the user does not supply a username or password. The connection will not be reset until the user enters a character. If a malicious user were to connect to a Windows 2000 telnet daemon and not reset the connection, they would effectively deny any other access to the telnet server because the maximum number of client connections is 1. Any other user that attempts to connect to the telnet server during that time will receive the following error message:

Microsoft Windows Workstation allows only 1 Telnet Client License
Server has closed connection

Viewing 'List the Current Users' option will not display the timed out session because successful authorization did not take place.


Privacy Statement
Copyright 2010, SecurityFocus