The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NSmarsh Telemessage
APPSmarsh≤ 2025-05-05
Related vulnerabilities
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly ...
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint ...
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing...
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., no...
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail a...