Bug 203912 - www/owncloud: Cleartext Password Logs
Summary: www/owncloud: Cleartext Password Logs
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Walter Schwarzenfeld
URL:
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2015-10-21 05:29 UTC by O. Hartmann
Modified: 2018-03-04 15:33 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (kevlo)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description O. Hartmann 2015-10-21 05:29:41 UTC 
Owncloud logs passwords of users in cleartext in the owncloud.log file, which is usually readabel only by the user id www and group id www. This is with version 8.1.3.0 and the standard installation on FreeBSD CURRENT.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2015-10-21 05:40:10 UTC 
Is this something that needs to be reported, and fixed upstream, or is it a configuration default that can be improved upon?
Comment 2 loic.blot 2016-03-09 06:58:55 UTC 
@kubilay this is fixed upstream as i see yesterday with the owncloud 9.0. THere is a filter to remove passwords from logs. This bug can be closed
Comment 3 Rene Ladan freebsd_committer freebsd_triage 2018-01-12 11:23:20 UTC 
Maintainer reset.
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-03-04 15:33:37 UTC 
See comment2. Close here - fixed.