CVE-2020-13881

Published: Jun 6, 2020
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-13881" target="_blank" rel="noopener"> CVE-2020-13881
Severity: High
Exploit:

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
pam_tacplus_project / pam_tacplus	1.3.8	1.5.1.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x
arista / cloudvision_portal	-	2020.1.2