diff --git a/AUTHORS b/AUTHORS
index ef764e56..0d4abc0d 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,3 +2,5 @@ Jack Moffitt <jack@icecast.org>
 Michael Smith <msmith@icecast.org>
 oddsock <oddsock@xiph.org>
 Karl Heyes <karl@xiph.org>
+Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
+Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>
diff --git a/ChangeLog b/ChangeLog
index acd3ec1a..90a85ffa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2011-11-25 21:20  ph3-der-loewe
+
+	* trunk/icecast/AUTHORS, trunk/icecast/src/cfgfile.c.
+	  trunk/icecast/src/connection.c: Allow the source password
+	  to be undefined. This is to avoid falling back to a default
+	  password which may open security holes.
+
+----------------------------------------------------------------------
+	Everything above is post 2.3.2. The stuff below is incomplete.
+	The time zone above is UTC, the time zone below is unknown.
+	ph3-der-loewe, Fri Nov 25 21:20:58 UTC 2011
+----------------------------------------------------------------------
 2005-11-29 03:06  karl
 
 	* trunk/icecast/src/auth_url.c: update for authentication header
diff --git a/src/cfgfile.c b/src/cfgfile.c
index 17962686..40149cfd 100644
--- a/src/cfgfile.c
+++ b/src/cfgfile.c
@@ -8,6 +8,8 @@
  *                      oddsock <oddsock@xiph.org>,
  *                      Karl Heyes <karl@xiph.org>
  *                      and others (see AUTHORS for details).
+ * Copyright 2011,      Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
+                        Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>.
  */
 
 #ifdef HAVE_CONFIG_H
diff --git a/src/connection.c b/src/connection.c
index 09a25d6e..57be84a7 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -8,6 +8,7 @@
  *                      oddsock <oddsock@xiph.org>,
  *                      Karl Heyes <karl@xiph.org>
  *                      and others (see AUTHORS for details).
+ * Copyright 2011,      Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
  */
 
 /* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */
@@ -1168,7 +1169,12 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
         if (mountinfo && mountinfo->password)
             source_password = strdup (mountinfo->password);
         else
-            source_password = strdup (config->source_password);
+        {
+            if (config->source_password) 
+                source_password = strdup (config->source_password);
+            else
+                source_password = NULL;
+        }
         config_release_config();
 
         /* Get rid of trailing \r\n or \n after password */
@@ -1198,7 +1204,7 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
         }
         *ptr = '\0';
 
-        if (strcmp (client->refbuf->data, source_password) == 0)
+        if (source_password && strcmp (client->refbuf->data, source_password) == 0)
         {
             client->respcode = 200;
             /* send this non-blocking but if there is only a partial write