Collecting Cyber-News from over 60 sources

Trivial Telnet authentication bypass exposes devices to complete takeover

Jan 23, 2026 12:30 AM

telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” Simon Josefsson, a GNU contributor who submitted the patch, said on the OSS-SEC mailing list. “If the client supplies a carefully crafted USER environment value being the string “-f root“, and passes the telnet(1) -a or



 



also interesting:

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Aflac: ‘Cybercrime Campaign’ Is Targeting Insurance Industry
The Importance Of Ensuring Robust APIs For Your Applications Through Testing
CISA Warns of Critical Vulnerability in Adobe Experience Manager Forms




















Collecting Cyber-News from over 60 sources





X

LinkedIn

RSS Feed

Mail



Here I provide a database that gathers and curates the latest news on Cybersecurity. Being well-informed is the key to successfully respond on security threats.







Imprint | Privacy Policy | Contact