[3.3.0] [Security] Nextcloud Password is logged in clear Text [released]

Tracked by Jolla (In release)

asked 2020-04-03 14:33:47 +0200

1468 ●20 ●24 ●25

Nextcloud Integration loggs the Nextcloud Account Passwort in clear Text. At least when trying to share a Picture from Galery. It loggs like this:

Apr 03 13:30:33 jayki-phone ne[8745]: [W] unknown:0 - Propfind request failed prior to upload: "Error transferring https://username:password@cloud.my.com/remote.php/webdav/Photos/ - server replied: Not Found"

For me thats a security issue...

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by Federico
close date 2020-04-27 10:59:10.193796

Comments

Depends on who has access to the logs... where is the log stored?

bomo ( 2020-04-03 17:29:17 +0200 )edit

doesn't matter who accesses a logfile. there is no reason to log it, especially not in clear text and you can't rely on "oh no one is ever accessing the logs"

nightmare ( 2020-04-03 17:46:06 +0200 )edit

[3.3.0] [Security] Nextcloud Password is logged in clear Text [released]

The question has been closed for the following reason "released in a software update" by Federico
close date 2020-04-27 10:59:10.193796

Comments

1 Answer

Question tools

Stats

[3.3.0] [Security] Nextcloud Password is logged in clear Text [released]

The question has been closed for the following reason "released in a software update" by Federico close date 2020-04-27 10:59:10.193796

Comments

1 Answer

Question tools

Public thread

Stats

The question has been closed for the following reason "released in a software update" by Federico
close date 2020-04-27 10:59:10.193796