diff --git a/lib/private/log/owncloud.php b/lib/private/log/owncloud.php
index 15cace88f4173970f7a5e273e1824c0ef65f89ea..4c86d0e45e0da61a4fe0480fcefe1db7cd1cb6f8 100644
--- a/lib/private/log/owncloud.php
+++ b/lib/private/log/owncloud.php
@@ -68,6 +68,8 @@ class OC_Log_Owncloud {
 				$timezone = new DateTimeZone('UTC');
 			}
 			$time = new DateTime(null, $timezone);
+			// remove username/passswords from URLs before writing the to the log file
+			$message = preg_replace('/\/\/(.*):(.*)@/', '//xxx:xxx@', $message);
 			$entry=array('app'=>$app, 'message'=>$message, 'level'=>$level, 'time'=> $time->format($format));
 			$entry = json_encode($entry);
 			$handle = @fopen(self::$logFile, 'a');