Telegram 4.0.1 Two Factor Authentication Bypass

Telegram version 4.0.1 suffers from a two-factor authentication bypass vulnerability.


MD5 | a874728318ad389b5b51f22df6fc748f


Title:
===============
Telegram 4.0.1 - "TwoFactor Authentication" ByPass (0day)


Author:
===============
Shahab Shamsi


Vendor Homepage
===============
https://telegram.org/


Date:
===============
2017-06-25


Exploitation-Technique:
===============
Local,Remote


References:
===============
Video1: https://www.youtube.com/watch?v=44ZDbvnZILk
Video2: http://securityman.org/telegram-4-0-1-twofactor-authentication-bypass-0day/


Severity Level:
===============
High


Description:
===============
This vulnerability allows bypassing the two-factor authentication of a Telegram account,
giving access to the target Telegram account.

Conditions:
- You have access to the activation code.
- Telegram is updated to the final version.




POC:
===============
Step 1 : First, connect to the target account via one of the Telegram versions.
Step 2 : Then, enter the activation code of the account.
Step 3 : At the final step, which requires the two-factor authentication password, reset the account without entering the second password.
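
A simplified model of the login flow in the steps above, added here as an example; it is not Telegram's code and does not come from the advisory. The `Account` and `Login` classes, the state names, and the 7-day `RESET_DELAY` with owner cancellation are assumptions, used to contrast a reset that completes immediately at the password step with one that is delayed and can be rejected by the account owner.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

RESET_DELAY = 7 * 24 * 3600  # assumed waiting period in seconds (not from the advisory)

@dataclass
class Account:
    password: str                              # second factor (constructed value)
    reset_requested_at: Optional[float] = None

@dataclass
class Login:
    account: Account
    delayed_reset: bool          # False: flow in the PoC; True: hardened variant
    state: str = "NEED_CODE"

    def submit_code(self, code_ok: bool) -> None:
        if self.state == "NEED_CODE" and code_ok:
            self.state = "NEED_PASSWORD"

    def submit_password(self, password: str) -> None:
        ok = hmac.compare_digest(password.encode(), self.account.password.encode())
        if self.state == "NEED_PASSWORD" and ok:
            self.state = "AUTHENTICATED"

    def reset_account(self, now: float) -> bool:
        """Reset offered at the password step; True if it completes the login."""
        if self.state != "NEED_PASSWORD":
            return False
        acct = self.account
        if self.delayed_reset:
            if acct.reset_requested_at is None:
                acct.reset_requested_at = now  # start the clock; owner's sessions can be alerted
                return False
            if now - acct.reset_requested_at < RESET_DELAY:
                return False
        acct.password, acct.reset_requested_at = "", None  # account wiped, second factor gone
        self.state = "AUTHENTICATED"
        return True

def code_only_login(delayed_reset: bool, waited: float = 0.0, owner_cancels: bool = False) -> str:
    """Replay the three PoC steps for someone holding only the activation code."""
    acct = Account(password="constructed-sample-password")
    login = Login(acct, delayed_reset)
    login.submit_code(True)          # steps 1-2: connect and enter the activation code
    login.reset_account(now=0.0)     # step 3: reset instead of entering the password
    if owner_cancels:
        acct.reset_requested_at = None   # owner rejects the request from a logged-in session
    login.reset_account(now=waited)  # retry after `waited` seconds
    return login.state
```

In this model the delayed reset still completes once the waiting period passes without a cancellation, so the protection depends on the owner having an active session that sees the request.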


Solution:
==============
- This bug shows that the two-factor authentication of Telegram accounts needs review.

There is no definite solution to this security problem so far.



Contact Me :
==============
Telegram : @Shahab_Shamsi
Email : [email protected]
Website : WwW.iran123.Org
Tnx : Artin ghafari (Hidden Eagle)
- Thanks to my dear friend "Artin Ghafari" for recording the video and helping to discover the bug.
