Dropbox Acknowledges Major Security Flaw
For almost four hours yesterday, users were able to log into any account without a password.
Dropbox recently confirmed that a programming error briefly enabled access to any user's account, regardless of the password entered.
"The San Francisco-based start-up attributed the security breach to a 'code update' that 'introduced a bug affecting our authentication mechanism,'" writes CNET News' Declan McCullagh. "Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said."
"'This should never have happened,' Dropbox co-founder and CTO Arash Ferdowsi said in a blog post," McCullagh writes. "'We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.'"
Go to "Dropbox confirms security glitch--no password required" to read the details.
June 17, 2011