VYPR
Vendor

pam_tacplus

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2016-20014CriApr 21, 2022
    risk 0.57cvss 9.8epss 0.01

    In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

  • CVE-2020-27743CriOct 26, 2020
    risk 0.00cvss 9.8epss 0.02

    libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.