Published: 29/09/2018 Updated: 06/12/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 357

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

Vulnerable Product	Search on Vulmon	Subscribe to Product
telegram telegram messenger 3.3.0.0
telegram telegram desktop 1.3.14

Desktop Telegram users showing off not only their silly selfies but also their IP addresses

The Register • Shaun Nichols in San Francisco • 01 Oct 2018

Researcher earns $2,000 for unmasking flaw Back to school soon – for script kiddies as well as normal kids. Hackers peddle cybercrime e-classes via Telegram

Telegram has paid out a €2,000 bounty to a researcher who uncovered a vulnerability that caused the messaging app to expose users' IP addresses. The programming blunder has been fixed in the latest version. Dhiraj Mishra took credit for the discovery and reporting of CVE-2018-17780, a vulnerability in the Windows and tdesktop (GitHub) versions of Telegram that, under specific settings, would allow a user to view the IP address of anyone they call. Mishra told The Register the flaw stems from T...

CVE-2018-17780

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect