Known Vulnerabilities for products from Pam Tacplus Project
Listed below are 3 of the newest known vulnerabilities associated with the vendor "Pam Tacplus Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-27743 | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use o... | 9.8 - CRITICAL | 2020-10-26 | 2020-11-02 |
| CVE-2020-13881 | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and j... | 7.5 - HIGH | 2020-06-06 | 2022-04-05 |
| CVE-2016-20014 | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | 9.8 - CRITICAL | 2022-04-21 | 2022-05-02 |
Known software with vulnerabilities from Pam Tacplus Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pam Tacplus Project | Pam Tacplus | 1.3.8 |