Cyber Security Institute
Thursday, April 28, 2011
Dropbox 1.2 Experimental Build Fixes Security Issue
Attackers could use the file on any other computer with Dropbox to download all of the original owner's files, without entering the Dropbox login credentials and without any notification in the Dropbox dashboard that another device was used to download the data. Dropbox 1.2 introduces a new encrypted database format to “prevent unauthorized access to local Dropbox client database” in addition to the security enhancements. This is related to the security issue, as the user who discovered the vulnerability in the first place uncovered it by analyzing the local Dropbox client database.