Description
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
CVSS Metrics
- Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector: local
- Complexity: low
- Privileges: none
- User Action: required
- Scope: unchanged
- Confidentiality: high
- Integrity: high
- Availability: high
- Weaknesses: CWE-312, CWE-522
Metadata
- Primary Vendor: DROPBOX
- Published: 7/8/2019
- Last Modified: 11/21/2024
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
dropbox : dropbox