Data Export Weakness in Telegram Desktop by Telegram
CVE-2020-25824

2.4 LOW

Key Information:

Vendor: Telegram
CVE Published: 14 October 2020

What is CVE-2020-25824?

In Telegram Desktop versions up to 2.4.3, the Export key within the Export Telegram Data wizard does not require passcode entry. The exposure arises when a user opens the Export Wizard and then becomes distracted: if the desktop is left unattended, an attacker can simply press the Export key, potentially gaining unrestricted access to all chat conversations and media files. This vulnerability highlights the importance of securing sensitive actions within software to prevent unauthorized data access.

CVSS V3.1

Score: 2.4
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved