Telegram up to 7.3 on macOS Passcode credentials storage

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Telegram up to 7.3 on macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Passcode Handler. Upgrading to version 7.4 (212543) eliminates this vulnerability.

Field02/12/2021 05:20 PM03/01/2021 11:46 AM03/01/2021 11:48 AM
nameTelegramTelegramTelegram
version<=7.3<=7.3<=7.3
platformmacOSmacOSmacOS
componentPasscode HandlerPasscode HandlerPasscode Handler
cwe256 (privilege escalation)256 (privilege escalation)256 (privilege escalation)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
urlhttps://www.inputzero.io/2020/12/telegram-privacy-fails-again.htmlhttps://www.inputzero.io/2020/12/telegram-privacy-fails-again.htmlhttps://www.inputzero.io/2020/12/telegram-privacy-fails-again.html
nameUpgradeUpgradeUpgrade
upgrade_version7.4 (212543)7.4 (212543)7.4 (212543)
cveCVE-2021-27204CVE-2021-27204CVE-2021-27204
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss3_vuldb_basescore4.34.34.3
cvss3_meta_basescore4.34.34.9
price_0day$0-$5k$0-$5k$0-$5k
date1613084400 (02/12/2021)1613084400 (02/12/2021)1613084400 (02/12/2021)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
videolinkhttps://www.youtube.com/watch?v=zEt-_5b4OaAhttps://www.youtube.com/watch?v=zEt-_5b4OaAhttps://www.youtube.com/watch?v=zEt-_5b4OaA
cvss2_vuldb_tempscore3.53.53.5
cvss3_vuldb_tempscore4.14.14.1
cvss3_meta_tempscore4.14.14.7
cve_assigned16130844001613084400
cve_nvd_summaryTelegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss2_nvd_basescore2.1
cvss3_nvd_basescore5.5

Do you know our Splunk app?

Download it now for free!