PT-2017-7877 · Telegram+1 · Telegram Desktop+1

Asarubboo

Published

2017-05-01

Updated

2017-10-31

CVE-2016-10351

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Telegram Desktop version 0.10.19

Description The issue allows local users to obtain sensitive authentication information via standard filesystem operations due to the use of 0755 permissions for the $HOME/.TelegramDesktop directory.

Recommendations For Telegram Desktop version 0.10.19, consider changing the permissions of the $HOME/.TelegramDesktop directory to more restrictive settings to prevent unauthorized access.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2551

CVE-2016-10351

Affected Products

Alt Linux

Telegram Desktop

PT-2017-7877 · Telegram+1 · Telegram Desktop+1

CVE-2016-10351

Weakness Enumeration

Related Identifiers

Affected Products

References · 9