3 matches found
CVE-2020-13881
CVE-2020-13881 affects pam_tacplus where the TACACS+ shared secret is logged via journald/syslog when DEBUG is enabled. The initial description notes logging of the shared secret for versions 1.3.8–1.5.1. Connected advisories confirm affected packages and provide remediation: Debian/Ubuntu adviso...
CVE-2020-27743
The CVE-2020-27743 entry affects libtac in pam_tacplus up to version 1.5.1, where RAND_bytes()/RAND_pseudo_bytes() failures are not checked. This can allow a non-random/predictable session_id, enabling partial confidentiality/integrity risk as described in the CVE. Affected platforms include Phot...
CVE-2016-20014
CVE-2016-20014 affects pam_tacplus (pam_tacplus.c) before version 1.4.1, where pam_sm_acct_mgmt does not zero out the arep data structure. Root cause: the arep data structure is not cleared, which is the basis for the vulnerability. The provided connected documents do not specify affected vendor ...