[3.3.0] [Security] Nextcloud Password is logged in clear Text [released]
Nextcloud Integration loggs the Nextcloud Account Passwort in clear Text. At least when trying to share a Picture from Galery. It loggs like this:
Apr 03 13:30:33 jayki-phone ne[8745]: [W] unknown:0 - Propfind request failed prior to upload: "Error transferring https://username:password@cloud.my.com/remote.php/webdav/Photos/ - server replied: Not Found"
For me thats a security issue...
Depends on who has access to the logs... where is the log stored?
bomo ( 2020-04-03 17:29:17 +0200 )editdoesn't matter who accesses a logfile. there is no reason to log it, especially not in clear text and you can't rely on "oh no one is ever accessing the logs"
nightmare ( 2020-04-03 17:46:06 +0200 )edit