Your submission was sent successfully! Close

CVE-2020-13881

Published: 6 June 2020

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libpam-tacplus
Launchpad, Ubuntu, Debian
bionic
Released (1.3.8-2+deb8u1build0.18.04.1)
eoan Ignored
(reached end-of-life)
focal
Released (1.3.8-2+deb8u1build0.20.04.1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (1.3.8-2+deb8u1build0.16.04.1)
Patches:
upstream: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0