2 matches found
CVE-2026-22782
RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...
RustFS's RPC signature verification logs shared secret
Summary Invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. Details In crates/ecstore/src/rpc/httpauth.rs:115-122 , the invalid signature branch logs sensitive data: rs if signature !=...