swauth is vulnerable to authentication bypass. Attackers can use a request token from the log file, to use in the X-Auth-Token
header of a new request. The tokens are present in the logs because they are being saved unhashed as a part of a GET URI.