Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
Debian Bug report logs -
#921133
CVE-2018-17613
Package:
telegram-desktop;
Maintainer for telegram-desktop is Nicholas Guriev <guriev-ns@yaru>; Source for telegram-desktop is src:telegram-desktop (PTS, buildd, popcon)
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 1 Feb 2019 23:57:01 UTC
Severity: imp ...