Credential Leaking Bug


#1

After you enter credentials for a webdav connection (name, password) & save, you can then edit the connection details and in doing so the connection password can be seen in plaintext.

It should not be possible to see a password once it has been entered. By all means provide an option to change the password, but never ever reveal it.

I personally rate this as a very high security risk, because most mobie devices themselves are not especially secure. If someone steals my phone and hacks the interface (not terribly difficult) then they can take over my cloud accounts via the webdav pass itword reveal bug.

Please please fix this.

I otherwise love this product!


#2

Just wanted to let you know that it has been fixed in the latest update! Thank you for your report. :+1: