CVE-2022-25219

Name of the Vulnerable Software and Affected Versions telnetd startup daemon (affected versions not specified)

Description A null byte interaction error has been found in the telnetd startup daemon's code for constructing ephemeral passwords. This error allows an unauthenticated attacker on the local network to predict these passwords with 1-in-94 odds by sending crafted UDP packets. The exploitation of this issue relies on the use of an unpadded RSA cipher and manipulation of data processed by the RSA public decrypt() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.