Intrusion Prevention

Telnet.Default.Credentials

Description

This indicates an attempt to login telnet using system default credentials.
This signature checks for common default telnet username and passwords that are hard coded in IoT devices. Malware such Mirai sometimes scans for open telnet ports and attempts to login using these default credentials.

Affected Products

Any telnet server that accepts the default credentials.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from that network for any suspicious activity.