Pam Tacplus Project Pam Tacplus — known CVE vulnerabilities
Every CVE whose affected-product data names Pam Tacplus Project Pam Tacplus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-27743 — CVSS 9.8 (critical): libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a…
CVE-2020-13881 — CVSS 7.5 (high): In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are…