A critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server that allows attackers to gain access as any user, including Administrator, without requiring valid credentials. The vulnerability exploits a misconfiguration in the NTLM Authentication processes of the Telnet MS-TNAP extension, allowing remote unauthenticated attackers to bypass authentication completely.

Summary

This repository contains a Proof of Concept (PoC) exploit for a critical authentication bypass vulnerability in Microsoft Telnet Server's implementation of NTLM authentication over MS-TNAP. The vulnerability affects Windows 2000 through Windows Server 2008 R2 and allows complete authentication bypass via manipulation of the mutual authentication process.

The exploit works by tricking the server into validating the client as Administrator without supplying valid credentials, leveraging a fundamental flaw in how the Windows Telnet Server mistakenly handles mutual authentication.

IMPORTANT: There is currently no patch for this vulnerability. System administrators should disable Telnet services immediately on all Microsoft systems.

Microsoft Telnet Server MS-TNAP Authentication Bypass [RCE 0day]
3 Replies, 119 Views

Messages In This Thread
Microsoft Telnet Server MS-TNAP Authentication Bypass [RCE 0day] - by Cmiami - 04-30-2025, 09:44 AM
RE: Microsoft Telnet Server MS-TNAP Authentication Bypass [RCE 0day] - by Bdbdbd - 04-30-2025, 01:18 PM
RE: Microsoft Telnet Server MS-TNAP Authentication Bypass [RCE 0day] - by javion.parin - 05-11-2025, 11:14 AM
RE: Microsoft Telnet Server MS-TNAP Authentication Bypass [RCE 0day] - by Asiersinmas - 05-13-2025, 08:55 PM