A legitimate use is hard to find here, I admit. The only one I can think of is to actually write this fake client so you can demonstrate the people they have a problem. But that sounds a bit far fetched, even to me.

By now, I thought our friend GoRN would have found time to post a reasonable explanation himself, which he/she didn't, so I am more willing to follow your interpretation of his/her intents. What makes me wonder is, should the intent really be to create a password stealing telnet, why not cloak this request with something harmless like "I want to write a new MUD client ..." or something like that? Would have gone through easily ...

Well, you never know. Letīs hope the admins close the security hole in the first place, 'cause our young friend is certainly not alone out there.

Andreas