CVE-2020-13881

Published: 06 June 2020

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libpam-tacplus
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Needs triage

Ubuntu 20.04 LTS (Focal Fossa)
Released (1.3.8-2+deb8u1build0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.3.8-2+deb8u1build0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.3.8-2+deb8u1build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0