← back
CVE-2020-13881

CVE-2020-13881

EPSS 1.7%
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0https://github.com/kravietz/pam_tacplus/issues/149https://lists.debian.org/debian-lts-announce/2020/06/msg00007.htmlhttps://lists.debian.org/debian-lts-announce/2021/08/msg00006.htmlhttps://usn.ubuntu.com/4521-1/https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50http://www.openwall.com/lists/oss-security/2020/06/08/1