14 DAY TRIAL // Indian security researcher Prakhar Prasad, founder of Security Pulse, claims to have identified a couple of issues that affect the popular file hosting service Dropbox.
The first issue refers to an open redirection flaw on the dropboxteam.com website. The company acknowledged the existence of the vulnerability and addressed it.
However, the second bug, which allows an attacker to unsubscribe any user from the Dropbox for Business mailing list, is not regarded as a security issue by the company.
Dropbox argues that the attacker would need to know the victim’s email address. In addition, password reset emails and shared folder emails are not impacted.
“Dropbox should have taken this issue seriously as it was bringing an unexpected change to someone's profile, a bit not serious change but still something without the user's permission,” the security expert noted in an email to Softpedia.
Check out the proof-of-concept videos published by the expert.
