The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (includ

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be acces

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a sho

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "cor

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI,

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords,

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts t

The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app user