Description
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2018/q3/280
Third Party Advisory x_refsource_misc
https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
Scores
CVSS v3
9.8
EPSS
0.0163
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
telegram/telegram_desktop
1.3.16 alpha
Published
Sep 28, 2018
Tracked Since
Feb 18, 2026