kravietz/pam_tacplus

GitHub

github.com

Releases10

Frequency11 months 2 weeks

Last Release over 3 years ago

Stars141

TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-20014 ↗	Apr 21, 2022Thursday, 21 April 2022, 04:15	9.8 CRITICAL	7.5 HIGH
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
CVE-2020-27743 ↗	Oct 26, 2020Monday, 26 October 2020, 22:15	9.8 CRITICAL	7.5 HIGH
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
CVE-2020-13881 ↗	Jun 6, 2020Saturday, 6 June 2020, 19:15	7.5 HIGH	4.3 MEDIUM
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.