“Though the exploitation strategies may not be sophisticated (therefore the low rating), the end result—entry to plaintext chat logs regardless of assertions of end-to-end encryption—constitutes a critical breach of confidentiality, which is important for a safe messaging service, particularly one that will deal with delicate communications,” Schwake noted.
CISA’s recommendation for companies to avoid using TeleMessage probably stems from this confirmed real-world exploitation and its significant impact on data privacy, regardless of the technical rating, he added.
Government officials are particularly vulnerable
“This vulnerability was almost certainly added to the KEV record because of the reported use of TeleMessage by authorities officers,” Thomas Richards, infrastructure security practice director at Black Duck, told CSO in a comment.



