Full Disclosure mailing list archives
Re: Telegram authentication bypass
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 28 Apr 2014 21:15:13 +0200
On Mon, 28 Apr 2014 11:17:31 +0200 jdiaz () cert inteco es wrote:
> This may allow an attacker leveraging this issue (e.g. by distributing a slightly modified client) to obtain almost full control of the victim's account.
I haven't read the details, but can you please explain how it is an "attack" if I can control a user if I manage that he installs a modified client?

I can do anything if a user installs a client I can modify. That's no surprise and has nothing to do with the protocol in use.

I'm certainly not a fan of Telegram's strange security protocol, but this seriously sounds like strange FUD (haven't read the paper, maybe it's just a joke or a fake).

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42