1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Description: Leaks passwords to the logs
Author: Ivan Kohler <ivan@debian.org>
Bug: https://rt.cpan.org/Ticket/Display.html?id=62040
Bug-Debian: https://bugs.debian.org/599712
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=62040
Reviewed-By: Xavier Guimard <x.guimard@free.fr>
Last-Update: 2013-01-06
--- a/AuthenHook.xs
+++ b/AuthenHook.xs
@@ -180,8 +180,8 @@
case OK:
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
- "Apache::AuthenHook - user '%s', password '%s' verified",
- user, password);
+ "Apache::AuthenHook - user '%s' verified",
+ user);
status = AUTH_GRANTED;
break;
@@ -196,8 +196,8 @@
default:
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
- "Apache::AuthenHook - user '%s', password '%s' denied",
- user, password);
+ "Apache::AuthenHook - user '%s' denied",
+ user);
status = AUTH_DENIED;
};
|
