Dropbox Information for VU#894897
NSIS Inetc plug-in fails to validate SSL certificates
- Vendor Information Help Date Notified: 03 Mar 2015
- Statement Date:
- Date Updated: 20 Mar 2015
Dropbox patched its service within hours of notification, and the fix went live on March 4, 2015. All Dropbox clients are safe, and there is no evidence to indicate the vulnerability was ever exploited. Users are not vulnerable and don't need to take any action.
We are not aware of further vendor information regarding this vulnerability.
Dropbox 3.2.9 addresses this issue by performing additional validation of downloaded files.
If you have feedback, comments, or additional information about this vulnerability, please send us email.