Known Vulnerabilities for Pam Tacplus by Pam Tacplus Project
Listed below are 3 of the newest known vulnerabilities associated with "Pam Tacplus" by "Pam Tacplus Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-27743 | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use o... | 9.8 - CRITICAL | 2020-10-26 | 2020-11-02 |
| CVE-2020-13881 | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and j... | 7.5 - HIGH | 2020-06-06 | 2022-04-05 |
| CVE-2016-20014 | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | 9.8 - CRITICAL | 2022-04-21 | 2022-05-02 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pam Tacplus Project | Pam Tacplus | 1.5.1 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.5.0 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.4.1 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.3.9 | |||
| Application | Pam Tacplus Project | Pam Tacplus | 1.3.8 |