Telegram:CVE-2020-12474
Hi World,
Please refer to the minimal PoC for CVE-2020-12474, which I discovered in Telegram Android version 6.0.1, iOS version 6.0.1, Desktop 2.0.1 and earlier versions.
[Description]
Telegram Desktop and the Telegram apps for Android and iOS could allow a remote attacker to conduct spoofing attacks because of an IDN homograph attack flaw.
By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability using a Punycode-embedded URL to spoof shared link URLs and group chat invites.
------------------------------------------
[Additional Information]
It was observed that an adversary is able to send a victim
Punycode-embedded public URLs or group chat invitation links that look
legitimate to users. After the victim clicks such a URL, it opens
directly in a webview and redirects the victim to a malicious website, where
the adversary could perform any suspicious activity.
------------------------------------------
[VulnerabilityType Other]
IDN Homograph attack
------------------------------------------
[Vendor of Product]
Telegram
------------------------------------------
[Affected Product Code Base]
Telegram Desktop - 2.0.1 & earlier
Telegram Android - 6.0.1 & earlier
Telegram iOS - 6.0.1 & earlier
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
IDN homograph attack leads to spoofing of shared link URLs/group chat invites in Telegram
------------------------------------------
[Attack Vectors]
The victim needs to open a Punycode-embedded URL that looks legitimate prior to opening in a webview or the default browser
------------------------------------------
Connect with me for more details on attack vectors.
Regards,
Vijay Tikudave
https://in.linkedin.com/in/vijay-tikudave
[Timelines]
1. Reported to Telegram in the first week of April 2020
2. Initial acknowledgement received from the vendor in the 2nd week of April
3. Vendor patched the vulnerability in versions 6.1 & 2.1.
4. Four-digit bounty received in the 3rd week of April 2020
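
[Added example]
A defensive check for the Punycode link spoofing described above, added here as an illustration; it is not part of the original report and not Telegram's patch. The function names, the warning policy (show the ASCII form of any host that contains non-ASCII labels) and the sample link on the reserved .example domain are assumptions made for this example.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label):
    """Decode one DNS label; 'xn--' labels carry Punycode (RFC 3492)."""
    if label.startswith("xn--"):
        try:
            decoded = label[4:].encode("ascii").decode("punycode")
        except ValueError:
            return label  # malformed Punycode: keep the raw ASCII form
        # A genuine IDN label must decode to something non-ASCII.
        return label if decoded.isascii() else decoded
    return label


def to_ace(label):
    """ASCII-compatible ('xn--') form of a label, as DNS will resolve it."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def label_scripts(label):
    """Rough script per letter, from the first word of its Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split(" ")[0]
            for c in label if c.isalpha()}


def inspect_link(url):
    """Report how a link's host would render and whether to warn the user."""
    host = urlsplit(url).hostname or ""
    labels = [decode_label(part) for part in host.split(".")]
    return {
        "ascii_host": ".".join(to_ace(l) for l in labels),
        "unicode_host": ".".join(labels),
        "warn": any(not l.isascii() for l in labels),
        "mixed_script": any(len(label_scripts(l)) > 1 for l in labels),
    }


def display_host(url):
    """Host string to show before opening: ASCII form when a warning applies."""
    info = inspect_link(url)
    return info["ascii_host"] if info["warn"] else info["unicode_host"]


# Constructed sample: Latin "t" followed by Cyrillic U+0435 in place of "e".
SPOOFED = ("https://xn--" + "t\u0435legram".encode("punycode").decode("ascii")
           + ".example/joinchat")

if __name__ == "__main__":
    print(inspect_link(SPOOFED), display_host(SPOOFED))
```

A client can call display_host() when rendering a shared link or invite preview, so the user sees the xn-- form instead of the look-alike Unicode name.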