Closed didierm closed 2 years ago
fixed in https://github.com/nextcloud/sharepoint/pull/143 for upcoming 25
and in https://github.com/nextcloud/server/pull/33689 for 24. Backports down to 22 follow.
fixed in https://github.com/nextcloud/sharepoint/pull/143 for upcoming 25
and in https://github.com/nextcloud/server/pull/33689 for 24. Backports down to 22 follow.
When watching the NextCloud logs (NC v21), it is observed that the SharePoint Backend app (v1.9.1) logs the Sharepoint credentials (as entered in the External storages configuration) in cleartext.
Only part of the arguments have their parameter(s) replaced by the string
*** sensitive parameters replaced ***
.For an example, please refer to the log extract in https://github.com/nextcloud/sharepoint/issues/141#issuecomment-1195781505 . In that example, username, password, email and tenant (of which username and password are critically important) were manually replaced by