CVE-2019-12171

2019-07-0812:44:11

mitre

www.cve.org

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

References

drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5

drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8