CVE-2020-25824

Published: Oct 14, 2020Modified: Nov 21, 2024

2.4

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.

Affected (1)

Products: Telegram: Telegram Desktop

1 product

Telegram Desktop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Telegram Telegram Desktop	Up to 2.4.3

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (8)

https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824

Source: cve@mitre.org

Third Party Advisory

https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3

Source: cve@mitre.org

Release NotesThird Party Advisory

https://security.gentoo.org/glsa/202101-34

Source: cve@mitre.org

Third Party Advisory

https://www.Telegram.org

Source: cve@mitre.org

Product

https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://security.gentoo.org/glsa/202101-34

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.Telegram.org

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.