IDN Homograph Attack Vulnerability in Telegram Desktop and Mobile Applications
CVE-2019-10044

8.8 HIGH

Key Information:

Vendor: Telegram
CVE Published: 25 March 2019

What is CVE-2019-10044?

Telegram Desktop versions prior to 1.5.12 and Telegram applications across Android, iOS, and Linux are susceptible to an IDN homograph attack. This vulnerability allows an attacker to craft deceptive URLs by mixing Latin and Cyrillic characters, thereby misleading users into clicking on links that appear legitimate but redirect to malicious sites. Due to a lack of proper validation, the application conceals the existence of different character sets in domain names, creating a significant security risk for users.
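The validation the description says was missing can be sketched as a check that flags any hostname label combining letters from more than one script. This is an added example, not Telegram's code or its fix; the function names are hypothetical, and the script of a character is approximated by the first word of its Unicode name because Python's standard library does not expose the Unicode Script property.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding Punycode (xn--) labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: inspect the raw label instead
    return label


def scripts_in_label(label):
    """Set of scripts used by the letters of a label (digits and '-' are ignored)."""
    found = set()
    for ch in decode_label(label):
        if ch.isalpha():
            # Assumption: the first word of the Unicode name ("LATIN",
            # "CYRILLIC", "GREEK", ...) is used as a stand-in for the script.
            name = unicodedata.name(ch, "UNKNOWN")
            found.add(name.split()[0])
    return found


def mixed_script_labels(url):
    """Labels of the URL's hostname that mix letters from several scripts."""
    host = urlsplit(url).hostname or ""
    return [label for label in host.split(".") if len(scripts_in_label(label)) > 1]


if __name__ == "__main__":
    # Constructed sample links; the second uses U+0435 (Cyrillic "е") for "e".
    samples = [
        "https://telegram.org/",
        "https://t\u0435legram.org/login",
        "https://\u043f\u0440\u0438\u043c\u0435\u0440.example/",
    ]
    for url in samples:
        flagged = mixed_script_labels(url)
        verdict = "MIXED SCRIPTS in " + repr(flagged) if flagged else "ok"
        print(ascii(url), "->", verdict)
```

A label written entirely in one non-Latin script passes this check, so a client would typically pair it with showing the Punycode form of any flagged or unfamiliar host.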

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
