Vulnerabilities > CVE-2019-17191 - Incorrect Authorization vulnerability in Signal Private Messenger
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
- https://news.ycombinator.com/item?id=21161432
- https://news.ycombinator.com/item?id=21161432
- https://twitter.com/moxie/status/1180261210341511168
- https://twitter.com/moxie/status/1180261210341511168