Shared Links
System Clipboard Leak (Shared Link)
Overview of the Vulnerability
The system clipboard, used when performing a copy and paste function, leaks sensitive information. An attacker could abuse this clipboard leak to steal confidential shared links that a user created and copied to their clipboard within the application.
Business Impact
This vulnerability can lead to reputational damage for the business due to a loss in confidence and trust by users.
Steps to Reproduce
Create and install the following malicious application capable of accessing the clipboard: {{malicious application}}
Log in to {{application}}
Navigate to the following endpoint: {{value}}
Copy some sensitive information to the clipboard
Within the malicious application, observe the sensitive information through the clipboard
Proof of Concept (PoC)
The screenshot(s) below demonstrate the leak from the system clipboard:
{{screenshot}}
Recommendation(s)
All clipboard data that may contain sensitive information should be stored in a temporary, local-only location on the user’s machine. Sensitive data should not be included in clipboard history or in any cloud-based clipboard program.
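One way to apply this recommendation when the application runs on Android, shown as an added example that is not part of the original template: the shared link is copied with the platform's sensitive-content flag set and can be removed again while the app is in the foreground. The Android target, the `SharedLinkClipboard` helper and its label are assumptions made for illustration.

```kotlin
import android.content.ClipData
import android.content.ClipDescription
import android.content.ClipboardManager
import android.content.Context
import android.os.Build
import android.os.PersistableBundle

// Hypothetical helper (not from the template): copies a shared link while
// marking it as sensitive, and clears it again on request.
object SharedLinkClipboard {
    private const val LABEL = "shared-link" // assumed label, used to recognise our own clip

    fun copy(context: Context, sharedLink: String) {
        val clipboard =
            context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
        val clip = ClipData.newPlainText(LABEL, sharedLink)

        // ClipDescription extras exist from API 24. The named constant was added
        // in API 33; older releases take the same key as a string literal.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            val key = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
                ClipDescription.EXTRA_IS_SENSITIVE
            } else {
                "android.content.extra.IS_SENSITIVE"
            }
            // Tells the system to hide the content in the clipboard preview.
            clip.description.extras = PersistableBundle().apply { putBoolean(key, true) }
        }
        clipboard.setPrimaryClip(clip)
    }

    // Call while the app has focus (for example from onPause or when the link
    // is revoked); Android 10+ only lets the focused app read the clipboard.
    fun clearIfOurs(context: Context) {
        val clipboard =
            context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
        // Leave the clipboard alone if the user has copied something else since.
        if (clipboard.primaryClipDescription?.label?.toString() != LABEL) return

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            clipboard.clearPrimaryClip()
        } else {
            // No clear API before API 28: overwrite with an empty clip instead.
            clipboard.setPrimaryClip(ClipData.newPlainText("", ""))
        }
    }
}
```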