search

hypery2k / owncloud

In this repo you'll find apps and enhancements for owncloud
Other
156 stars 85 forks source link

Roundcube error logging outputs password in plain text ? #364

Closed traxxion closed 8 years ago

traxxion commented 8 years ago

See below example (hopefully) sanitised:

OC_RoundCube_AuthHelper.class.php->login(): Login error. exception 'OC_Mail_NetworkingException' with message 'Unable to determine network-status due to technical problems.' in /var/www/owncloud/apps2/roundcube/lib/RoundCubeLogin.class.php:434 Stack trace: 
#0 /var/www/owncloud/apps2/roundcube/lib/RoundCubeLogin.class.php(279): OC_RoundCube_Login->sendRequest('', Array) 
#1 /var/www/owncloud/apps2/roundcube/lib/RoundCubeApp.class.php(357): OC_RoundCube_Login->login(NULL, NULL) 
#2 /var/www/owncloud/apps2/roundcube/lib/RoundCubeAuthHelper.class.php(82): OC_RoundCube_App::login('<---------------HOST NAME -------------------->', '', '', NULL, NULL) 
#3 [internal function]: OC_RoundCube_AuthHelper::login(Array) 
#4 /var/www/owncloud/lib/private/hook.php(103): call_user_func(Array, Array) 
#5 /var/www/owncloud/lib/private/server.php(216): OC_Hook::emit('OC_User', 'post_login', Array) 
#6 [internal function]: OC\Server->OC\{closure}(Object(OC\User\User), '<------------ PASSWORD IN PLAIN TEXT ---------------->') 
#7 /var/www/owncloud/lib/private/hooks/emittertrait.php(98): call_user_func_array(Object(Closure), Array) 
#8 /var/www/owncloud/lib/private/hooks/publicemitter.php(32): OC\Hooks\BasicEmitter->emit('\OC\User', 'postLogin', Array) 
#9 /var/www/owncloud/lib/private/user/session.php(223): OC\Hooks\PublicEmitter->emit('\OC\User', 'postLogin', Array) 
#10 /var/www/owncloud/lib/private/user.php(248): OC\User\Session->login('<--------------USER NAME ------------------>', '<------------ PASSWORD IN PLAIN TEXT ---------------->') 
#11 /var/www/owncloud/lib/base.php(1051): OC_User::login('<------------USER NAME ------------->', '<------------ PASSWORD IN PLAIN TEXT ---------------->') 
#12 /var/www/owncloud/lib/base.php(947): OC::tryFormLogin()
#13 /var/www/owncloud/lib/base.php(909): OC::handleLogin() 
#14 /var/www/owncloud/index.php(39): OC::handleRequest() 
#15 {main}
mckaygerhard commented 8 years ago

please provide more clarefully the issue, OC version, RC version, env wehre are produced and notice that this app are no more developent new features!

Take in consideration that the plain text problem where produced in older versions.. are u take a look at lasted build ?

NOTE: PLEASE FORMAT THE CONTENTS its a pain search for what are in the text ok, i edited for

hypery2k commented 8 years ago

you see that these are core OC classes? Please fill in an issue there