CVE-2021-33845 - Information Exposure Through Discrepancy vulnerability in Splunk
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE

Summary
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- https://research.splunk.com/application/splunk_user_enumeration_attempt/
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html