CVE-2020-13881
Published: 06 June 2020
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
libpam-tacplus Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Released
(1.3.8-2+deb8u1build0.20.04.1)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.3.8-2+deb8u1build0.18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1.3.8-2+deb8u1build0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Patches: Upstream: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 |