Shortcuts
|
Port 23 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
23 |
tcp |
telnet |
Telnet is one of the oldest Internet protocols and the most popular program for remote access to Unix machines. It has numerous security vulnerabilities [RFC 854]
Trojans that also use this port: Prosiak, Wingate, ADM worm, Aphex's Remote Packet Sniffer , AutoSpY, ButtMan, Fire HacKer, My Very Own trojan, Pest, RTB 666, Tiny Telnet Server - TTS, Truva Atl, Backdoor.Delf variants [Symantec-2003-050207-0707-99], Backdoor.Dagonit [Symantec-2005-092616-0858-99] (2005.09.26)
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23.
References: [CVE-2012-1222], [BID-52061]
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513.
References: [CVE-2012-4703]
Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
References: [CVE-2012-5345]
Hospira Lifecare PCA infusion pump running "SW ver 412" does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.
References: [CVE-2015-3459]
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
References [CVE-2015-8286]
Hughes satellite modems contains default telnet service (port 23) account credentials. A remote attacker could exploit this vulnerability to gain administrative access on affected devices.
References: [CVE-2016-9495], [XFDB-122123]
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
References: [CVE-2018-12072]
Telestar Digital GmbH Imperial and Dabman Series I and D could allow a remote attacker to gain elevated privileges on the system, caused by the use of weak passwords with hardcoded credentials in an undocumented Telnet service (Telnetd) that connects to Port 23. A remote attacker could exploit this vulnerability to gain root access to the gadgets' embedded Linux BusyBox operating system.
References: [CVE-2019-13473], [XFDB-166724]
Multiple C-Data OLT devices are vulnerable to a denial of service, caused by a shawarma attack. By sending random bytes to the telnet server on port 23, a remote attacker could exploit this vulnerability to cause the device to reboot.
References: [CVE-2020-29057], [XFDB-192290]
An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.
References: [CVE-2021-27165]
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
References: [CVE-2021-37555]
Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution - unauthenticated Remote Command Execution Description: The malware listens on TCP port 23, upon connection to an infected host third-party attackers get handed a remote shell.
References: [MVID-2021-0197]
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials - the malware listens on TCP port 23. Authentication is required, however the credentials test:test are weak and hardcoded within the PE file.
References: [MVID-2022-0568] |
SG
|
23 |
udp |
games |
Dungeon Siege II |
SG
|
23 |
tcp |
|
Telnet protocol - unencrypted text communications (official) |
Wikipedia
|
23 |
tcp |
trojan |
ADM worm, Aphex's Remote Packet Sniffer , AutoSpY, ButtMan, Fire HacKer, My Very Own trojan, Pest, RTB 666, Tiny Telnet Server - TTS, Truva Atl |
Trojans
|
23 |
tcp,udp |
applications |
TELNET |
Portforward
|
23 |
tcp |
ADMworm |
[trojan] ADM worm |
Neophasis
|
23 |
tcp |
FireHacKer |
[trojan] Fire HacKer |
Neophasis
|
23 |
tcp |
MyVeryOwntrojan |
[trojan] My Very Own trojan |
Neophasis
|
23 |
tcp |
RTB666 |
[trojan] RTB 666 |
Neophasis
|
23 |
tcp |
TelnetPro |
[trojan] Telnet Pro |
Neophasis
|
23 |
tcp |
TinyTelnetServer |
[trojan] Tiny Telnet Server - TTS |
Neophasis
|
23 |
tcp |
TruvaAtl |
[trojan] Truva Atl |
Neophasis
|
23 |
tcp |
threat |
Dagonit |
Bekkoame
|
23 |
tcp |
threat |
Fire HacKer |
Bekkoame
|
23 |
tcp |
threat |
MindControl |
Bekkoame
|
23 |
tcp |
threat |
Tiny Telnet Server - TTS |
Bekkoame
|
23 |
tcp |
threat |
Truva Atl |
Bekkoame
|
23 |
tcp,udp |
telnet |
Telnet [RFC854] |
IANA
|
|
18 records found
|
jump to:
|
Related ports: 161 513 1953 2323 9000 27378 26 73 230
« back to SG Ports
External Resources
SANS ISC: port 23
Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify
a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly
used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol, the most commonly used protocol
on the Internet and any TCP/IP network. TCP enables two hosts
to establish a connection and exchange streams of data. TCP guarantees delivery of data
and that packets will be delivered in the same order in which they were sent.
Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol)
and facilitates the transmission of datagrams from one computer to applications on another computer,
but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received
the message to process any errors and verify correct delivery. UDP is often used with time-sensitive
applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command.
We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
For more detailed and personalized help please use our forums.
Please use the "Add Comment" button below to provide additional information or comments about port 23.
|
|
|
|