Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25824

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.

Published

2020-10-14T15:15:17.133

Last Modified

2024-11-21T05:18:50.623

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.4 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	telegram	telegram_desktop	≤ 2.4.3	Yes

References

https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824 Third Party Advisory ([email protected])
https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3 Release Notes, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202101-34 Third Party Advisory ([email protected])
https://www.Telegram.org Product ([email protected])
https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202101-34 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.Telegram.org Product (af854a3a-2127-422b-91ae-364da2661108)