Vulnerabilities (CVE)

Filtered by vendor Pam Tacplus Project Subscribe

Filtered by product Pam Tacplus

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-20014	1 Pam Tacplus Project	1 Pam Tacplus	2022-05-02	7.5 HIGH	9.8 CRITICAL
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
CVE-2020-13881	2 Debian, Pam Tacplus Project	2 Debian Linux, Pam Tacplus	2021-08-04	4.3 MEDIUM	7.5 HIGH
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE-2020-27743	1 Pam Tacplus Project	1 Pam Tacplus	2020-11-02	7.5 HIGH	9.8 CRITICAL
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.