“Though the exploitation strategies may not be sophisticated (therefore the low rating), the result—entry to plaintext chat logs regardless of assertions of end-to-end encryption—constitutes a critical breach of confidentiality, which is important for a safe messaging service, particularly one that will deal with delicate communications,” Schwake noted.
CISA’s recommendation that businesses and companies avoid using TeleMessage seemingly stems from this confirmed real-world exploitation and its significant impact on information privacy, regardless of the technical rating, he added.
Government officials are particularly vulnerable
“This vulnerability was almost definitely added to the KEV list as a result of the reported use of TeleMessage by government officials,” Thomas Richards, infrastructure security practice director at Black Duck, told CSO in a comment.