Web vulnerability exposes shared links in Dropbox

Share this article:

A web vulnerability, which the company says has been addressed, can cause Dropbox users to inadvertently share links to sensitive documents and information, according to a blog penned by Dropbox Vice President of Engineering Aditya Agarwal.

When a Dropbox user shares a link to a document that includes a hyperlink to a third-party website and the recipient clinks on the hyperlink, a referer header reveals the original shared link to the third-party site.

“Someone with access to that header, such as the webmaster of the third-party website, could then access the link to the shared document,” Agarwal wrote.

Dropbox hasn't found any instances of the vulnerability being exploited but has disabled access entirely for the time being and has patched the vulnerability. Dropbox for Business users, who have the ability to restrict shared link access, are not affected.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISA president urges state AGs to expand understanding of cybercrime

Speaking at a National Association of State Attorneys General conference, ISA's Larry Clinton asked the AGs to step up efforts to get more resources.

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.