Dropbox patches shared link vulnerability, disables sharing of affected files for ‘a few days’
May06
Dropbox has made a change to its feature that lets users share links to their documents, after it revealed a vulnerability that could give third-parties access to data on its severs. A company post disclosed a weakness with referer headers that could expose information in the following scenario: A Dropbox user shares a link to a document that contains a hyperlink to a third-party website. The user, or an authorized recipient of the link, clicks on a hyperlink in the document. At that point, the referer header discloses the original shared link to the third-party website. Someone with access to that header, such…
This story continues at The Next Web