When I tried to figure out a LDAP sign in issue, I realized, that the log file frappe-bench/logs/frappe.log contains the password in clear text.
2021-05-29 16:57:45,533 ERROR frappe New Exception collected with id: 2021-05-29 16:57:45.371176-127.0.0.1-503
Site: erp.alephnet.ai
Form Dict: {'cmd': 'frappe.integrations.doctype.ldap_settings.ldap_settings.login', 'usr': 'user.name@domain.com', 'pwd': 'COMPLEXPASSWORD', 'device': 'desktop'}
This seams to be a very dangerous security issue that should be fixed immediately! There should be no password in the log, neither in hashed form and especially not in cleartext.