The Ubuntu operating system must not have the telnet package installed.

STIG ID: UBTU-20-010405  |  SRG: SRG-OS-000074-GPOS-00042 | Severity: high |  CCI: CCI-000197

Vulnerability Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Check

Verify that the telnet package is not installed on the Ubuntu operating system by running the following command:

$ dpkg -l | grep telnetd

If the package is installed, this is a finding.

Fix

Remove the telnet package from the Ubuntu operating system by running the following command:

$ sudo apt-get remove telnetd
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.