CVE-2020-13881

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
pam_tacplus_projectpam_tacplus
1.3.8 ≤
𝑥
≤ 1.5.1
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
20.04
aristacloudvision_portal
𝑥
< 2020.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libpam-tacplus
noble
dne
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
Fixed 1.3.8-2+deb8u1build0.20.04.1
released
eoan
ignored
bionic
Fixed 1.3.8-2+deb8u1build0.18.04.1
released
xenial
Fixed 1.3.8-2+deb8u1build0.16.04.1
released
trusty
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/06/08/1
https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
https://github.com/kravietz/pam_tacplus/issues/149
https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
https://usn.ubuntu.com/4521-1/
https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50
http://www.openwall.com/lists/oss-security/2020/06/08/1
https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
https://github.com/kravietz/pam_tacplus/issues/149
https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
https://usn.ubuntu.com/4521-1/
https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50