Описание
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-13881
- https://github.com/kravietz/pam_tacplus/issues/149
- https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
- https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
- https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
- https://usn.ubuntu.com/4521-1
- https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50
- http://www.openwall.com/lists/oss-security/2020/06/08/1
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVSS3: 7.5
nvd
больше 5 лет назад
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVSS3: 7.5
debian
больше 5 лет назад
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...