Don't leak passwords in Android logs #83

licaon-kter · 2019-12-09T14:48:29Z

info.varden.hauk: .utils.PreferenceManager.set(PreferenceManager.java:42): Setting preference Preference<String+Encrypted>{key=cryptPassword,default=}, value=MYSERVERPASSWORDINPLAINTEXT

and

I info.varden.hauk: .caching.ResumableSessions.setSessionResumable(ResumableSessions.java:80): Setting session Session{serverURL=https://domain.tld/,backendVersion=1.5,sessionID=xxxxxxxxxxxxxxxxxxxxxxxxx,expiry=15759074xxxxx,interval=5,e2eParams=KeyDerivable{password=MYE2ESHAREPASSWORDINPLAINTEXT,salt=0xxxxxxxxxxxxxxxxxxxxxxxxxxxx}} resumable

bilde2910 · 2019-12-09T15:03:09Z

That's a very good point. I'll remove the password from the logs. The salt is randomly generated and not considered secret.

bilde2910 · 2019-12-09T15:18:37Z

Fixed in upcoming v1.5.2.

licaon-kter changed the title ~~Don't leak e2e password in Android logs~~ Don't leak passwords in Android logs Dec 9, 2019

bilde2910 added the bug Something isn't working label Dec 9, 2019

bilde2910 closed this as completed in 9ecb7c0 Dec 9, 2019

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't leak passwords in Android logs #83

Don't leak passwords in Android logs #83

licaon-kter commented Dec 9, 2019 •

edited

Loading

bilde2910 commented Dec 9, 2019

bilde2910 commented Dec 9, 2019

Don't leak passwords in Android logs #83

Don't leak passwords in Android logs #83

Comments

licaon-kter commented Dec 9, 2019 • edited Loading

bilde2910 commented Dec 9, 2019

bilde2910 commented Dec 9, 2019

licaon-kter commented Dec 9, 2019 •

edited

Loading