PT-2019-12677 · Dropbox · Dropbox
Published: 2019-07-08 · Updated: 2021-07-21 · CVE-2019-12171
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dropbox desktop application version 71.4.108.0
Description
The issue concerns the storage of cleartext credentials in memory by Dropbox.exe and QtWebEngineProcess.exe upon successful login or new account creation. These credentials are not securely freed in the running process.
Recommendations
For version 71.4.108.0, consider updating to a newer version that securely handles credentials in memory, ensuring that sensitive information is properly cleared after use.
Exploit
Fix
Insufficiently Protected Credentials
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Dropbox