CVE-2019-12171

Published: Jul 8, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

Affected (1)

Products: Dropbox: Dropbox

Dropbox

1 product

Dropbox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dropbox Dropbox	Version 71.4.108.0

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5

Source: cve@mitre.org

ExploitThird Party Advisory

https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8

Source: cve@mitre.org

ExploitThird Party Advisory

https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.