Telegram version 4.0.1 suffers from a two-factor authentication bypass vulnerability.
a874728318ad389b5b51f22df6fc748f
Title:
===============
Telegram 4.0.1 - "TwoFactor Authentication" ByPass (0day)
Author:
===============
Shahab Shamsi
Vendor Homepage
===============
https://telegram.org/
Date:
===============
2017-06-25
Exploitation-Technique:
===============
Local,Remote
References:
===============
Video1: https://www.youtube.com/watch?v=44ZDbvnZILk
Video2: http://securityman.org/telegram-4-0-1-twofactor-authentication-bypass-0day/
Severity Level:
===============
High
Description:
===============
This vulnerability makes you able to bypass the two factors authentication of Telegram account,
so you can access to the target Telegram account.
on the condition:
- That You Access To Activation code.
- Update Telegram Final Version
POC:
===============
Step 1 : At first, connect to the target account via one of the Telegram versions.
Step 2 : Then, inter the activation code of account
Step 3 : At final step that needs to pass two factors authentication of password, without intering the second password, reset the account.
Solution:
==============
- This bug prove that two factors authentication of Telegram accounts needs to review,
There is no certain solution to resolve this security problem till now.
Contact Me :
==============
Telegram : @Shahab_Shamsi
Email : [email protected]
WebSilte : WwW.iran123.Org
Tnx : Artin ghafari (Hidden Eagle)
- Thanks to my dear friend "Artin Ghafari" to record the video and help to discover the bug.