Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Password stored as plain text in the "accounts.db" file

DAVx⁵

1841

A
AutoImport-utack last edited by

In the database found under “/data/system/users/0/accounts.db” the owncloud password is stored as plain text.
This means anyone with root access on the phone, probablly including closed source apps that need root, can aquire the password.
This might lead to the discussion that a rooted phone is always a risk, however it would still be nice to add an additional layer of security here.
1 Reply Last reply
Reply Quote 0
rfc2822 developer last edited by

Thanks for your suggestion, but this is intended Android design. DAVdroid uses the Android account management and password methods. Additional security would have to be implemented in this API.
1 Reply Last reply
Reply Quote 0

Tweets by DAVx5App

Similar topics

Tor hidden service: DAVx⁵ failes to connect / Support SOCKS proxy
DAVx⁵ • enhancement orbot tor • • bergentroll

7

0
Votes

7
Posts

204
Views

@rfc2822, yes, actually, if you please, while I was trying to make my hidden service working, I found, that it may be convenient in such cases to save entry even when it is not valid for now, just marking it as out of sync or something like this. Thus it will be possible to edit such entries later without filling credentials again, you know. Just an idea.
A

Crash when adding account after setting up SRV+TXT records
DAVx⁵ • bug • • AutoImport-Emerentius

2

0
Votes

2
Posts

726
Views

The issue is related to the TXT record and only occurs when a TXT record is present.
The issue should be fixed with the next commit. The TXT record of saldek.de seems to be wrong: $ host -t TXT _carddavs._tcp.saldek.de _carddavs._tcp.saldek.de descriptive text "/owncloud/remote.php/carddav/"
It should be path=/owncloud/remote.php/carddav/. However, that’s not related to the DAVdroid bug.

Until the next DAVdroid version is available, you may remove the TXT records and go with well-known paths (301 .well-known redirection).
A

Reminder of "n WEEKS" saved as "0 minutes"
DAVx⁵ • bug • • AutoImport-lmamane

1

0
Votes

1
Posts

515
Views

A

Not sure if the bug is in Calendar app or in DavDroid.

When I create (with Icedove / Thunderbird) a reminder 14, 21, 28, … days before the event starts, it is displayed as “0 minutes” in the calendar app. However, a reminder 15, 22 or 29 days before event is displayed correctly. Also “7 days before event starts” is correctly displayed as “1 week”. It seems that DaviCal does not recognize “DURATION:-P2W”, “DURATION:-P3W”, etc. Cf the “Adding alarm 0 min before” in the log.

Log:
I/davdroid.SyncManager( 2910): Fetching 1 updated remote resource(s) D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "GET /caldav.php/USER/calendar/20141217T180433Z-2910_ef431a529be54627.ics HTTP/1.1[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "Accept: text/calendar[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "Host: calendar.blitz.conuropsis.org[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "Connection: Keep-Alive[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "User-Agent: DAVdroid/0.6.8[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXX[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 >> "[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "HTTP/1.1 200 OK[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Date: Thu, 18 Dec 2014 18:06:53 GMT[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Server: Apache/2.2.22 (Debian)[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "X-Powered-By: PHP/5.4.35-0+deb7u2[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DAV: extended-mkcol, bind, addressbook, calendar-proxy[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Etag: "ede0b62339aae3e794b9db0b77fe2449"[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Content-Length: 1361[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "X-DAViCal-Version: DAViCal/1.1.3; DB/1.2.11[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Keep-Alive: timeout=5, max=99[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Connection: Keep-Alive[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "Content-Type: text/calendar; charset="utf-8"[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VCALENDAR[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "PRODID:-//Mozilla.org/NONSGML Mozilla Calendar V1.1//EN[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "VERSION:2.0[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VTIMEZONE[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZID:Europe/Berlin[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "X-LIC-LOCATION:Europe/Berlin[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:DAYLIGHT[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZOFFSETFROM:+0100[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZOFFSETTO:+0200[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZNAME:CEST[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DTSTART:19700329T020000[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:DAYLIGHT[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:STANDARD[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZOFFSETFROM:+0200[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZOFFSETTO:+0100[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TZNAME:CET[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DTSTART:19701025T030000[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:STANDARD[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VTIMEZONE[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VEVENT[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "LAST-MODIFIED:20141218T180636Z[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DTSTAMP:20141218T180636Z[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "UID:20141217T180433Z-2910@ef431a529be54627[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "SUMMARY:XXXXXXXXX[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "STATUS:CONFIRMED[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DTSTART;TZID=Europe/Berlin:20150130T100000[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DTEND;TZID=Europe/Berlin:20150130T110000[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "X-MOZ-GENERATION:1[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "ACTION:DISPLAY[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TRIGGER;VALUE=DURATION:-P22D[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DESCRIPTION:XXXXXXXXXXXXX[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "ACTION:DISPLAY[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TRIGGER;VALUE=DURATION:-PT21600M[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DESCRIPTION:XXXXXXXXXXXXXXXXXX[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "ACTION:DISPLAY[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TRIGGER;VALUE=DURATION:-PT10080M[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DESCRIPTION:XXXXXXXXXXXXXXXXXX[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "ACTION:DISPLAY[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TRIGGER;VALUE=DURATION:-P29D[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DESCRIPTION:Default Mozilla Description[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "BEGIN:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "ACTION:DISPLAY[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "TRIGGER;VALUE=DURATION:-P2W[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "DESCRIPTION:Default Mozilla Description[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VALARM[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VEVENT[\r][\n]" D/ch.boye.httpclientandroidlib.wire( 2910): http-outgoing-192 << "END:VCALENDAR[\r][\n]" D/davdroid.Event( 2910): Assuming time zone Europe/Berlin for Europe/Berlin D/davdroid.Event( 2910): Assuming time zone Europe/Berlin for Europe/Berlin I/davdroid.SyncManager( 2910): Updating 20141217T180433Z-2910_ef431a529be54627.ics D/davdroid.LocalCalendar( 2910): Adding alarm 31680 min before D/davdroid.LocalCalendar( 2910): Adding alarm 21600 min before D/davdroid.LocalCalendar( 2910): Adding alarm 10080 min before D/davdroid.LocalCalendar( 2910): Adding alarm 41760 min before D/davdroid.LocalCalendar( 2910): Adding alarm 0 min before D/davdroid.LocalCollection( 2910): Committing 8 operations I/davdroid.SyncManager( 2910): Removing non-dirty resources that are not present remotely anymore D/davdroid.LocalCollection( 2910): Committing 1 operations I/davdroid.SyncManager( 2910): Sync complete, fetching new CTag I/davdroid.DavSyncAdapter( 2910): Sync complete for com.android.calendar D/davdroid.DavSyncAdapter( 2910): Closing httpClient

1 / 1

Password stored as plain text in the "accounts.db" file

Similar topics

Tor hidden service: DAVx⁵ failes to connect / Support SOCKS proxy DAVx⁵ • enhancement orbot tor • • bergentroll

Crash when adding account after setting up SRV+TXT records DAVx⁵ • bug • • AutoImport-Emerentius

Reminder of "n WEEKS" saved as "0 minutes" DAVx⁵ • bug • • AutoImport-lmamane

Tor hidden service: DAVx⁵ failes to connect / Support SOCKS proxy
DAVx⁵ • enhancement orbot tor • • bergentroll

Crash when adding account after setting up SRV+TXT records
DAVx⁵ • bug • • AutoImport-Emerentius

Reminder of "n WEEKS" saved as "0 minutes"
DAVx⁵ • bug • • AutoImport-lmamane