PT-2018-14085 · Telegram+1 · Telegram Desktop+1

Dhiraj Mishra

Published

2018-09-28

Updated

2019-10-03

CVE-2018-17613

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Telegram Desktop (aka tdesktop) version 1.3.16 alpha

Description The issue concerns the transmission of sensitive data in cleartext when a specific setting is enabled. Specifically, when "Use proxy" is enabled, credentials and application data are sent in cleartext over the SOCKS5 protocol.

Recommendations For Telegram Desktop (aka tdesktop) version 1.3.16 alpha, consider disabling the "Use proxy" setting until a fix is available to prevent credentials and application data from being sent in cleartext.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-17613

Affected Products

Debian

Telegram Desktop

PT-2018-14085 · Telegram+1 · Telegram Desktop+1

CVE-2018-17613

Weakness Enumeration

Related Identifiers

Affected Products

References · 9