libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
CPE | Name | Operator | Version |
---|---|---|---|
pam_tacplus | eq | 1.5.0-beta.1 | |
pam_tacplus | eq | 1.5.1 | |
pam_tacplus | eq | 1.3.8 | |
pam_tacplus | eq | 1.3.9 | |
pam_tacplus | eq | 1.4.1 |