Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Password Goof Let Any Password Work For 4 Hours

Posted by timothy on from the you'll-find-we're-very-open-minded. dept.

tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."

1 of 185 comments (clear)

  1. Re:Relax, it was only 4 hours. by xtracto · · Score: 5, Interesting

    but fortunately there is no evidence of any unauthorized access.

    Of course not, all the access where authorized by the faulty authorization system.

    --
    Ubuntu is an African word meaning 'I can't configure Debian'