Privacy Vulnerability: Incorrect Access Level Indication in Telegram App Allows Phone Number Discovery

Privacy Vulnerability: Incorrect Access Level Indication in Telegram App Allows Phone Number Discovery

CVE-2019-15514 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

Learn more about our Cis Benchmark Audit For Apple Ios.