Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pam Tacplus Project Security Vulnerabilities

cve
cve

CVE-2016-20014

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

9.8CVSS

9.4AI Score

0.002EPSS

2022-04-21 04:15 AM
35
cve
cve

CVE-2020-13881

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

7.5CVSS

7.4AI Score

0.003EPSS

2020-06-06 07:15 PM
103
4
cve
cve

CVE-2020-27743

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.

9.8CVSS

9.1AI Score

0.002EPSS

2020-10-26 10:15 PM
32