Local File Permission Vulnerability in Telegram Desktop by Telegram
CVE-2016-10351

5.5MEDIUM

Key Information:

Vendor: Telegram Desktop
Status: Telegram Desktop
Vendor: CVE Published:; 1 May 2017

🔔 Create Telegram Desktop Vulnerability Alert

What is CVE-2016-10351?

Telegram Desktop version 0.10.19 is susceptible to a local file permission vulnerability that permits unauthorized access to sensitive authentication details. This weakness arises from the use of overly permissive file permissions (0755) for the $HOME/.TelegramDesktop directory, enabling local users to exploit standard filesystem operations to retrieve confidential information. It's crucial for users to be aware of this risk and to apply necessary security practices to safeguard their sensitive data.

References

https://github.com/telegramdesktop/tdesktop/issues/2666

x_refsource_MISC

https://github.com/telegramdesktop/tdesktop/pull/3842/com...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2017
Vulnerability Reserved
Apr 30, 2017