[BUG] The login code text is not safe.

Open eccstartup opened this issue 1 year ago • 0 comments

Describe the bug For the Web K version of Telegram, the login code seems to be encrypted in some way, but that is not the case. If you read the source code carefully, you will see the numbers are shown as characters with the ASCII code order index of a braille-like string, which is not safe.

For numbers, we have:

{0: '⠦', 1: '⠩', 2: '⠪', 3: '⠬', 4: '⠱', 5: '⠲', 6: '⠴', 7: '⠸', 8: '⡃', 9: '⡅'}

To Reproduce Steps to reproduce the behavior:

  1. Open the Web K version and log in.
  2. Log in on another device.
  3. See the sidebar of the Web K version and see the encrypted code.
  4. Decrypt it yourself.

Expected behavior Login code should be truly encrypted.

Screenshots [image] Yes, it is 19999.

Desktop (please complete the following information):

  • OS: [MacOS]
  • Browser [Chrome]
  • Version [126]

Additional context N/A.

eccstartup · Jun 16 '24 08:06