Which statement correctly describes TELNET security risk?

TELNET’s security risk comes from the fact that it does not encrypt traffic, so credentials and session data are sent in clear text. This means anyone capturing the network traffic—on a wired or wireless segment, or between hosts in the path—can read logins and commands, making eavesdropping trivial. That’s why SSH, which encrypts the entire session, is the secure alternative. The notion that TELNET provides end-to-end encryption by default is incorrect, as is the idea that it automatically prevents eavesdropping. TELNET also does not use TLS as its primary layer by default; TLS is associated with other protocols or needs a wrapper if used at all, whereas TELNET originally transmits unencrypted data.