PT-2019-12677 · Dropbox · Dropbox

Publicado

2019-07-08

Atualizado

2021-07-21

CVE-2019-12171

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dropbox desktop application version 71.4.108.0

Description The issue concerns the storage of cleartext credentials in memory by Dropbox.exe and QtWebEngineProcess.exe upon successful login or new account creation. These credentials are not securely freed in the running process.

Recommendations For version 71.4.108.0, consider updating to a newer version that securely handles credentials in memory, ensuring that sensitive information is properly cleared after use.

Exploit

Correção

Insufficiently Protected Credentials

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-312

Identificadores relacionados

CVE-2019-12171

Produtos afetados

Dropbox

PT-2019-12677 · Dropbox · Dropbox

CVE-2019-12171

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5