libtac in pam_tacplus up to and including 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
Vulnerable Product: pam tacplus project pam tacplus
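
The missing check described above, shown beside a fail-closed version. This is an added example, not code from libtac or pam_tacplus: the function names and the two stand-in RNG callbacks are hypothetical and mirror only the return contract of RAND_bytes() (1 on success), and the 32-bit width matches the TACACS+ session_id field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same return contract as OpenSSL RAND_bytes(): 1 means success,
 * any other value means the buffer must not be trusted. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Constructed stand-in: an RNG that fails and leaves buf untouched. */
int failing_rng(unsigned char *buf, int num) { (void)buf; (void)num; return 0; }

/* Constructed stand-in: succeeds with a fixed pattern so results are
 * reproducible here; real code passes a CSPRNG such as RAND_bytes. */
int fixed_rng(unsigned char *buf, int num) { memset(buf, 0xA5, (size_t)num); return 1; }

/* Unchecked pattern: the return value is dropped, so on failure the
 * caller receives whatever the buffer held before the call. */
uint32_t session_id_unchecked(rand_fn rng) {
    uint32_t id = 0; /* constructed initial value, stands in for stale memory */
    rng((unsigned char *)&id, (int)sizeof id);
    return id;
}

/* Checked pattern: fail closed. Returns 0 and writes *out on success,
 * returns -1 and leaves *out untouched on RNG failure. */
int session_id_checked(rand_fn rng, uint32_t *out) {
    unsigned char buf[sizeof *out];
    if (rng(buf, (int)sizeof buf) != 1)
        return -1; /* caller aborts the session instead of sending a guessable id */
    memcpy(out, buf, sizeof buf);
    return 0;
}

int main(void) {
    uint32_t id = 0;
    printf("unchecked, RNG failed: id=0x%08x\n", (unsigned)session_id_unchecked(failing_rng));
    if (session_id_checked(failing_rng, &id) != 0)
        puts("checked, RNG failed: refusing to open session");
    if (session_id_checked(fixed_rng, &id) == 0)
        printf("checked, RNG ok: id=0x%08x\n", (unsigned)id);
    return 0;
}
```

When auditing other callers, look for RAND_bytes()/RAND_pseudo_bytes() invoked as a bare statement or compared with anything other than 1.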