Vulnerability Details CVE-2020-13881
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2020/06/08/1
- https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
- https://github.com/kravietz/pam_tacplus/issues/149
- https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
- https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
- https://usn.ubuntu.com/4521-1/
- https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50
- http://www.openwall.com/lists/oss-security/2020/06/08/1
- https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
- https://github.com/kravietz/pam_tacplus/issues/149
- https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
- https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
- https://usn.ubuntu.com/4521-1/
- https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50
Products affected by CVE-2020-13881
-
cpe:2.3:a:arista:cloudvision_portal:2015.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2015.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.1
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.0.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.2
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.4
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.2
-
cpe:2.3:a:pam_tacplus_project:pam_tacplus:1.3.8
-
cpe:2.3:a:pam_tacplus_project:pam_tacplus:1.3.9
-
cpe:2.3:a:pam_tacplus_project:pam_tacplus:1.4.1
-
cpe:2.3:a:pam_tacplus_project:pam_tacplus:1.5.0
-
cpe:2.3:a:pam_tacplus_project:pam_tacplus:1.5.1
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0