Skip to main content
  1. Security/

File and Chat disclosure by calling the device while its in locked state

·1 min· loading · loading ·
Nextcloud bugbounty CVE-2021-41181
Christian Angel
Christian Angel
Table of Contents
Talk app allows access to sensitive chat messages on lockscreen during a call


An attacker with physical access can gain access to the chat messages and files of the user by calling the victim phone while its in locked state.

This happens because the app did not properly detect the lockscreen state when a call was incoming.

Nextcloud was able to fix this by enabling the Keyguard on the Talk app.