FortiClient Vulnerability

Telegram Desktop CVE-2020-25824 Weak Authentication Vulnerability

Description

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.

Affected Applications

Telegram Desktop

CVE References

CVE-2020-25824

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25824

ID	2520
Created	May 12, 2021
Description Updated	Oct 26, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Telegram Messenger LLP
Patch	manual
Application	Telegram Desktop

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Telegram Desktop CVE-2020-25824 Weak Authentication Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Telegram Desktop CVE-2020-25824 Weak Authentication Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center