Vigil@nce - pam_tacplus : information disclosure via Logged Shared Secret
août 2020 par Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer-vulnerabilities-watch-and-alert
SYNTHESIS OF THE VULNERABILITY
Impacted products : Debian.
Severity : 2/4.
Consequences : user access/rights, data reading.
Provenance : user shell.
Confidence : confirmed by the editor (5/5).
Creation date : 08/06/2020.
DESCRIPTION OF THE VULNERABILITY
An attacker can bypass access restrictions to data via Logged
Shared Secret of pam_tacplus, in order to obtain sensitive
information.
ACCESS TO THE FULL VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/pam-tacplus-information-disclosure-via-Logged-Shared-Secret-32463