SECURITY : app log messages reveal unobfuscated (clear-text) credentials

When watching the NextCloud logs (NC v21), it is observed that the SharePoint Backend app (v1.9.1) logs the Sharepoint credentials (as entered in the External storages configuration) in **cleartext**.

Only part of the arguments have their parameter(s) replaced by the string `*** sensitive parameters replaced ***`.

For an example, please refer to the log extract in https://github.com/nextcloud/sharepoint/issues/141#issuecomment-1195781505 .
In that example, _username, password, email and tenant_ (of which _**username**_ and _**password**_ are critically important) were manually replaced by 
```
***username_manually_obfuscated***
***password_manually_obfuscated***
***email_manually_obfuscated***
***tenant_manually_obfuscated***
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

SECURITY : app log messages reveal unobfuscated (clear-text) credentials #142

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

SECURITY : app log messages reveal unobfuscated (clear-text) credentials #142

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions