CVE-2018-17780 : What You Need to Know
Learn about CVE-2018-17780 affecting Telegram Desktop and Telegram for Windows, exposing user IP addresses during calls. Find mitigation steps and security practices.
Telegram Desktop and Telegram for Windows expose end-user IP addresses during calls due to a security vulnerability.
Understanding CVE-2018-17780
Telegram Desktop and Telegram for Windows have a flaw that leaks public and private IP addresses during calls.
What is CVE-2018-17780?
This CVE identifies a vulnerability in Telegram Desktop (version 1.3.14) and Telegram 3.3.0.0 WP8.1 on Windows. The issue allows exposure of user IP addresses during calls due to unsafe default settings.
The Impact of CVE-2018-17780
The vulnerability can lead to the exposure of both public and private IP addresses of users during calls, compromising their privacy and security.
Technical Details of CVE-2018-17780
Telegram Desktop and Telegram for Windows are affected by this security flaw.
Vulnerability Description
The flaw allows P2P connections from clients not in the user's contact list, leading to IP address exposure during calls.
Affected Systems and Versions
- Telegram Desktop 1.3.14
- Telegram 3.3.0.0 WP8.1 on Windows
Exploitation Mechanism
The vulnerability arises from an unsafe default setting that permits P2P connections from non-contacts, exposing IP addresses.
Mitigation and Prevention
Immediate action and long-term security practices can help mitigate the risks posed by CVE-2018-17780.
Immediate Steps to Take
- Avoid making calls on Telegram Desktop or Windows version until the issue is resolved.
- Use alternative communication methods to protect IP privacy.
Long-Term Security Practices
- Regularly update Telegram applications to the latest secure versions.
- Review and adjust privacy settings to limit exposure of sensitive information.
Patching and Updates
- Stay informed about security updates from Telegram and apply patches promptly to address this vulnerability.