Main Vulnerability Database Vulnerabilities #VU35750

Use of a broken or risky cryptographic algorithm in Dropbox for Windows - CVE-2019-12171

Published: July 8, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35750

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-12171

CWE-ID: CWE-327

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Dropbox for Windows

Software vendor:
Dropbox

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

Remediation

Install update from vendor's website.

External links

https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5
https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8

Use of a broken or risky cryptographic algorithm in Dropbox for Windows - CVE-2019-12171

Description

Remediation

External links

Please verify you're human