CVE-2020-13881

Severity CVSS v4.0:
Pending analysis
Type:
CWE-532 Information Exposure Through Log Files
Publication date:
06/06/2020
Last modified:
05/04/2022

Description

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pam_tacplus_project:pam_tacplus:*:*:*:*:*:*:*:* 1.3.8 (including) 1.5.1 (including)
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:* 2020.1.2 (excluding)