DKIM key for partners.dropbox.com affected by Debian OpenSSL bug (CVE-2008-0166)

Disclosed by hanno

  • Engagement: Dropbox
  • Disclosed date: almost 2 years ago
  • Reward: $350
  • Priority: P3 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)

Summary by Dropbox

A third-party-managed partner portal was using an outdated package that could allow an attacker to impersonate the partner portal. The issue was fixed by the third party. Dropbox, its partners, and users were not affected.

Summary by hanno

The host partners.dropbox.com had a DKIM key configured vulnerable to the Debian OpenSSL Bug. It was resolved by removing the affected TXT record.
