Pamtacplusproject Pam Tacplus
By the Year
In 2024 there have been 0 vulnerabilities in Pamtacplusproject Pam Tacplus . Pam Tacplus did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 9.80 |
2021 | 0 | 0.00 |
2020 | 2 | 8.65 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Pam Tacplus vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pamtacplusproject Pam Tacplus Security Vulnerabilities
In pam_tacplus.c in pam_tacplus before 1.4.1
CVE-2016-20014
9.8 - Critical
- April 21, 2022
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes()
CVE-2020-27743
9.8 - Critical
- October 26, 2020
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
Use of Insufficiently Random Values
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged
CVE-2020-13881
7.5 - High
- June 06, 2020
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Arista Cloudvision Portal or by Pamtacplusproject? Click the Watch button to subscribe.