I hereby claim:
- I am FlatL1neAPT on github.
- I am underground (https://keybase.io/underground) on keybase.
- I have a public key whose fingerprint is 0875 D092 F495 5239 6070 0D70 148E 43C4 C8E4 8E2E
To claim this, I am signing this object:
FlatL1neAPT
/ CVE-2018-15543.txt
Created
October 28, 2018 11:04
— forked from tanprathan/CVE-2018-15543.txt
Telegram CVE-2018-15543 Information
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > [Description] | |
| > ** DISPUTED ** An issue was discovered in the org.telegram.messenger | |
| > application 4.8.11 for Android. The FingerprintManager class for | |
| > Biometric validation allows authentication bypass through the callback | |
| > method from onAuthenticationFailed to onAuthenticationSucceeded with | |
| > null, because the fingerprint API in conjunction with the | |
| > Android keyGenerator class is not implemented. In other words, an | |
| > attacker could authenticate with an arbitrary fingerprint. NOTE: the | |
| > vendor indicates that this is not an attack of interest within the | |
| > context of their threat model, which excludes Android devices on which |
FlatL1neAPT
/ keybase.md
Created
November 20, 2017 16:30
NewerOlder