Session Management Flaw in Telegram Application Versions for Android, Windows, and UNIX
CVE-2021-27351

5.3MEDIUM

Key Information:

Vendor

Telegram

Status
Telegram
Vendor
CVE Published:
19 February 2021

What is CVE-2021-27351?

The Terminate Session feature in Telegram fails to properly invalidate a recently active session, potentially allowing unauthorized users access to ongoing communications. This issue affects multiple platforms, including Android, Windows, and UNIX, leading to a risk of session hijacking if the session is not invalidated correctly when terminated.

References

https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html
x_refsource_MISC
https://security.gentoo.org/glsa/202105-07
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.