Known Vulnerabilities for Pam Tacplus by Pam Tacplus Project
Listed below are 3 of the newest known vulnerabilities associated with "Pam Tacplus" by "Pam Tacplus Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-27743 json | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use o... | 9.8 - CRITICAL | 2020-10-26 | 2020-11-02 |
| CVE-2020-13881 json | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and j... | 7.5 - HIGH | 2020-06-06 | 2022-04-05 |
| CVE-2016-20014 json | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | 9.8 - CRITICAL | 2022-04-21 | 2022-05-02 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pam Tacplus Project | Pam Tacplus | 1.5.1 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.5.0 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.4.1 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.3.9 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.3.8 |