Description
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5
Scores
CVSS v3
7.8
EPSS
0.0092
EPSS Percentile
55.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-312
CWE-522
Status
published
Products (1)
dropbox/dropbox
71.4.108.0
Published
Jul 08, 2019
Tracked Since
Feb 18, 2026