We have moved to a new Sailfish OS Forum. Please start new discussions there.
22

[3.3.0] [Security] Nextcloud Password is logged in clear Text [released]

Tracked by Jolla (In release)

asked 2020-04-03 14:33:47 +0200

jayki gravatar image

Nextcloud Integration loggs the Nextcloud Account Passwort in clear Text. At least when trying to share a Picture from Galery. It loggs like this:

Apr 03 13:30:33 jayki-phone ne[8745]: [W] unknown:0 - Propfind request failed prior to upload: "Error transferring https://username:password@cloud.my.com/remote.php/webdav/Photos/ - server replied: Not Found"

For me thats a security issue...

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by Federico
close date 2020-04-27 10:59:10.193796

Comments

Depends on who has access to the logs... where is the log stored?

bomo ( 2020-04-03 17:29:17 +0200 )edit
8

doesn't matter who accesses a logfile. there is no reason to log it, especially not in clear text and you can't rely on "oh no one is ever accessing the logs"

nightmare ( 2020-04-03 17:46:06 +0200 )edit

1 Answer

Sort by » oldest newest most voted
6

answered 2020-04-27 09:43:57 +0200

jovirkku gravatar image

The logs taken with OS release 3.3.0.16 do not contain Nextcloud passwords in plain text. Fixed.

edit flag offensive delete publish link more

Question tools

Follow
5 followers

Stats

Asked: 2020-04-03 14:33:47 +0200

Seen: 531 times

Last updated: Apr 27 '20