Description: Leaks passwords to the logs
Author: Ivan Kohler <ivan@debian.org>
Bug: https://rt.cpan.org/Ticket/Display.html?id=62040
Bug-Debian: https://bugs.debian.org/599712
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=62040
Reviewed-By: Xavier Guimard <x.guimard@free.fr>
Last-Update: 2013-01-06

--- a/AuthenHook.xs
+++ b/AuthenHook.xs
@@ -180,8 +180,8 @@
 
     case OK:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s', password '%s' verified",
-                    user, password);
+                    "Apache::AuthenHook - user '%s' verified",
+                    user);
 
       status = AUTH_GRANTED;
       break;
@@ -196,8 +196,8 @@
 
     default:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s', password '%s' denied",
-                    user, password);
+                    "Apache::AuthenHook - user '%s' denied",
+                    user);
 
       status = AUTH_DENIED;
   };