Deastoe

**Name of the Vulnerable Software and Affected Versions** pam tacplus versions through 1.5.1 **Description** The issue is related to a lack of check for a failure of `RAND bytes()`/`RAND pseudo bytes()` in libtac, which could lead to the use of a non-random or predictable `session id`. **Recommendations** For versions through 1.5.1, update to a version that includes a fix for this issue, as using a non-random `session id` could pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.