mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-30 06:46:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src/modules/module-raop
History
Wim Taymans ebbc9acc90 security: downgrade RAOP auth logging from info to debug level 
Information Disclosure: High

The RTSP client logs all HTTP headers and full RTSP request messages
at INFO level, which includes Authorization headers containing
credentials (Base64-encoded for Basic auth, hash responses for Digest
auth). The WWW-Authenticate challenge header with realm and nonce
values is also logged at INFO level.

INFO-level logs are commonly collected by system logging daemons and
may be stored in world-readable log files, exposing credentials.

Downgrade all three logging calls to DEBUG level, which is only
enabled during explicit debugging sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-27 11:02:48 +02:00
..
base64.h module-raop: move base64 to separate file 2026-02-26 12:00:31 +01:00
rtsp-client.c security: downgrade RAOP auth logging from info to debug level 2026-04-27 11:02:48 +02:00
rtsp-client.h *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00