Telegram 4.0.1 - TwoFactor Authentication ByPass (0day)

2017.06.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title:
===============
Telegram 4.0.1 - TwoFactor Authentication ByPass (0day)

Author:
===============
Shahab Shamsi

Vendor Homepage
===============
https://telegram.org/

Date:
===============
2017-06-25

Exploitation-Technique:
===============
Local,Remote

References:
===============
Video1: https://www.youtube.com/watch?v=44ZDbvnZILk
Video2: http://securityman.org/telegram-4-0-1-twofactor-authentication-bypass-0day/

Severity Level:
===============
High

Description:
===============
This vulnerability lets you bypass the two-factor authentication of a Telegram account, so you can access the target Telegram account, on the following conditions:
- You have access to the activation code.
- Telegram is updated to the final version.

POC:
===============
Step 1 : First, connect to the target account via one of the Telegram versions.
Step 2 : Then, enter the activation code of the account.
Step 3 : At the final step, which requires passing the two-factor authentication password, reset the account without entering the second password.

Solution:
==============
- This bug proves that the two-factor authentication of Telegram accounts needs review. There is no certain solution to resolve this security problem so far.

Contact Me :
==============
Telegram : @Shahab_Shamsi
Email : info@securityman.org
Website : WwW.iran123.Org

Tnx :
Artin ghafari (Hidden Eagle)
- Thanks to my dear friend "Artin Ghafari" for recording the video and helping to discover the bug.




Copyright 2018, cxsecurity.com
