Indian security investigator Prakhar Prasad, founder of Security Pulse, claims to have recognized a couple of issues that affect the well-liked file hosting application Dropbox.
The former issue refers to an open redirection error on the dropboxteam.com web site. The firm accepted the existence of the susceptibility and addressed it.
But, the later bug,allows an attacker to remove any user from the Dropbox for Business mailing list, is’nt regarded as a defence issue by the corporation.
Dropbox argues that the invader would require knowing the victim’s e-mail ID. Also, password reset e-mails and shared folder emails are‘nt affected.
“Dropbox must have taken this matter seriously as it was bringing an unpredicted change to someone’s profile, a bit not severe change but still something lacking the user’s permission,” the security specialist cited in an e-mail to media.
Check the proof-of-concept clips published by the specialist.
No comments :
Post a Comment