25 Oct Signal Desktop Bug Completely Exposes Decryption Key
Software developer Nathaniel Suchy recently revealed a problem with Signal Desktop which exposes the key used to decrypt encrypted messages locally stored by the application.
Suchy said that the messaging application automatically generates and stores the encryption key to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json. which can readily be opened by any user.
Signal has already been alerted by Bleeping Computer via Twitter, but has yet to issue a response on the matter.
Source: Bleeping Computer