Vulnerabilities (CVE)

Filtered by vendor Pam Tacplus Project
Filtered by product Pam Tacplus
Total 3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2016-20014 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2022-05-02 | 7.5 HIGH | 9.8 CRITICAL
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
CVE-2020-13881 | 4 Arista, Canonical, Debian and 1 more | 4 Cloudvision Portal, Ubuntu Linux, Debian Linux and 1 more | 2022-04-05 | 4.3 MEDIUM | 7.5 HIGH
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE-2020-27743 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2020-11-02 | 7.5 HIGH | 9.8 CRITICAL
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.