CVE-2018-17613

CRITICAL

Telegram Desktop <1.3.16 - Info Disclosure

Title source: llm

Description

Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.

References (2)

[Mailing List, Third Party Advisory] https://seclists.org/oss-sec/2018/q3/280

[Third Party Advisory] https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html

Scores

CVSS v3 9.8

EPSS 0.0031

EPSS Percentile 53.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

telegram/telegram_desktop

Timeline

Published Sep 28, 2018

Tracked Since Feb 18, 2026