First published: Tue Oct 09 2018(Updated: )
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Telegram Telegram | =4.8.11 | |
=4.8.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-15542 is a vulnerability discovered in the org.telegram.messenger application 4.8.11 for Android.
CVE-2018-15542 has a severity score of 6.4, which is considered medium.
CVE-2018-15542 allows authentication bypass via runtime manipulation in the Passcode feature of the org.telegram.messenger application for Android.
The org.telegram.messenger application version 4.8.11 for Android is affected by CVE-2018-15542.
Currently, there is no known fix for CVE-2018-15542. It is recommended to update to the latest version of the org.telegram.messenger application when a fix becomes available.