Skip to main content

Pam Tacplus

2 CVEs product

Monthly

CVE-2020-27743 CRITICAL Act Now

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pam Tacplus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-13881 HIGH PATCH This Week

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pam Tacplus Debian Linux Ubuntu Linux Cloudvision Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
EPSS 2% CVSS 9.8
CRITICAL Act Now

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pam Tacplus
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pam Tacplus Debian Linux +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy