CVE-2020-13881
Published: 6 June 2020
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
libpam-tacplus Launchpad, Ubuntu, Debian |
bionic |
Released
(1.3.8-2+deb8u1build0.18.04.1)
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(1.3.8-2+deb8u1build0.20.04.1)
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Needs triage
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1.3.8-2+deb8u1build0.16.04.1)
|
|
|
Patches: upstream: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 |
||