Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-24
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
Products | Private_messenger, Signal\-Desktop |
Type | ? (NVD-CWE-noinfo) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/107550
• https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt |