Telegram Portable/Installer Session Hijacking (Bypass 2-step Verification Method)

2016.10.18

Alireza Bolbolabadi (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Title: Telegram Portable/Installer Session Hijacking (Bypass 2-step verification method)
# Date: 18-10-2016
# Author: Alireza Bolbolabadi
# Vendor Homepage: https://telegram.org/
# Software Link: https://desktop.telegram.org/
# Tested on: Windows 7
# Risk: Critical
#######################################################################################


There is a critical vulnerability which help hacker to bypass the 2-step verification method on telegram desktop application. Hacker after controlling the victim system remotely, can go to the following path and copy all the contents,then run the Telegram.exe:

Path: %AppData%/Roaming\Telegram Desktop\



########################

Discovered By : Alireza Bolbolabadi

########################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Telegram Portable/Installer Session Hijacking (Bypass 2-step Verification Method)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.