> The vulnerability was: If you pwn the server, you can join a group without bei... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

fwdpropaganda on Feb 7, 2018 | parent | context | favorite | on: Telegram Login for Websites

> The vulnerability was: If you pwn the server, you can join a group without being invited, which means subsequent messages would be plaintext to you. However, everyone gets notified of a new arrival.

If to you owning server => accessing group is not severe, then you should be happy with Telegram's default encryption: it's run of the mill SSL by default, just not E2E. If you own their servers you can read people's conversations too.

CiPHPerCoder on Feb 7, 2018 [–]

Accessing the group means:

1. Announcing your intrusion

2. Only being able to read what people say after you joined

That's a far better security proposition than server operators being able to silently spy on everything you ever send.

Consider applying for YC's W25 batch! Applications are open till Nov 12.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact