# Title: Telegram Portable/Installer Session Hijacking (Bypass 2-step verification method)
# Date: 18-10-2016
# Author: Alireza Bolbolabadi
# Vendor Homepage: https://telegram.org/
# Software Link: https://desktop.telegram.org/
# Tested on: Windows 7
# Risk: Critical
#######################################################################################
There is a critical vulnerability which help hacker to bypass the 2-step verification method on telegram desktop application. Hacker after controlling the victim system remotely, can go to the following path and copy all the contents,then run the Telegram.exe:
Path: %AppData%/Roaming\Telegram Desktop\
########################
Discovered By : Alireza Bolbolabadi
########################