Advisory ID: n0sign4l-002 Risk level: 4 / 5 Title: Signal Desktop - Recover Expired Messages Credit: Leonardo Porpora - ‘n0sign4l’ Product: Signal CVE: CVE-2018-14023 Version: 1.14.3 and prior Public Disclosure: 17/08/2018 Vendor: Open Whisper System Introduction : I am 17 years old and since I started dealing with informatic and cybersecurity I have been inspired by E. Snowden character, bravery and value, even when he faced hard consequences for his actions. To me he is a really special person and I consider him like a brother. Defending human rights - and privacy in particularly - is a must in a democratic society and for this reason, in my opinion, everybody should use Signal messaging application for their communications. Details Signal version 1.14.3 was vulnerable to the recovery of expired messages. When I reported the vulnerability to Signal Security Team. they fixed it in a very short time, but the fix was par