Details
The telnet-server package contains the telnet daemon, which accepts connections from users from other systems via the telnet protocol. The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow a user with access to sniff network traffic the ability to steal credentials. The ssh package provides an encrypted session and stronger security.
Solution
Remove or comment out any telnet lines in /etc/inetd.conf- #telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.