The cloud storage company revealed in a blog post that a weakness based on Referer headers could be exploited to expose information. The Referer header is an HTTP request header that lets a site learn where you've come from when you are browsing the Web, and it allows websites to understand traffic sources, whether you visit a site from a search engine, a bookmark, or another website. However, in the following scenario, this feature could be exploited via Dropbox to steal data:
Dropbox says no data theft due to the flaw has been reported.
Users do not need to take any further action, and Dropbox says that for previously shared links to documents, access has been disabled entirely “until further notice.” The company hopes to lift this restriction and restore links not susceptible to this security flaw within the next few days.
As a workaround until access is restored, users can re-create any links that have been disabled; the re-created links will be protected from the vulnerability in the same manner as any new shared links created going forward. Dropbox for Business users, who have the option of restricting shared link access to people in Dropbox for Business teams, are not affected by the flaw.
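To show the general mechanism behind a Referer-based leak, the following Python example (added here, not taken from Dropbox's post or from this article) models which Referer value a browser sends when a link is followed from a page whose own URL acts as the access credential. The URLs and token are constructed, and the policy names come from the W3C Referrer Policy specification, which the article does not mention.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Constructed sample values (assumptions, not taken from the article).
SHARED_LINK = "https://files.example/s/CONSTRUCTED-TOKEN/report.pdf#page=2"
THIRD_PARTY = "https://thirdparty.example/landing"

def _origin(u):
    return (u.scheme, u.hostname, u.port or DEFAULT_PORT.get(u.scheme))

def _serialize(u, origin_only=False):
    # Userinfo and the fragment are never sent in Referer.
    host = u.hostname or ""
    if u.port and u.port != DEFAULT_PORT.get(u.scheme):
        host += f":{u.port}"
    if origin_only:
        return f"{u.scheme}://{host}/"
    return urlunsplit((u.scheme, host, u.path or "/", u.query, ""))

def referer_sent(page_url, target_url, policy):
    """Referer value sent when following a link, or None if omitted."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    same_origin = _origin(page) == _origin(target)
    downgrade = page.scheme == "https" and target.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return _serialize(page)
    if policy == "origin":
        return _serialize(page, origin_only=True)
    if policy == "same-origin":
        return _serialize(page) if same_origin else None
    if policy == "no-referrer-when-downgrade":  # long-time browser default
        return None if downgrade else _serialize(page)
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return _serialize(page)
        return None if downgrade else _serialize(page, origin_only=True)
    raise ValueError(f"unsupported policy: {policy}")

def token_exposed(policy, token="CONSTRUCTED-TOKEN"):
    """True if the third-party site would see the link's secret token."""
    return token in (referer_sent(SHARED_LINK, THIRD_PARTY, policy) or "")

if __name__ == "__main__":
    for p in ("no-referrer-when-downgrade", "unsafe-url", "origin",
              "strict-origin-when-cross-origin", "same-origin", "no-referrer"):
        print(f"{p:34} -> {referer_sent(SHARED_LINK, THIRD_PARTY, p)}")
```

Only the policies that send the full URL cross-origin expose the token; the origin-only and no-referrer policies keep it out of the third party's request logs.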
Source: Associated Press