CVE-2020-13881
Published
CVSS v3
7.5
HIGH
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT
Description
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.
GitHub