CVE-2021-26253: Bypass of Splunk Enterprise's implementation of DUO MFA
First published: Fri May 06 2022(Updated: )
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk | >=8.1.0<8.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-26253?
The severity of CVE-2021-26253 is considered high due to its potential to bypass multi-factor authentication in Splunk Enterprise versions before 8.1.6.
How do I fix CVE-2021-26253?
To fix CVE-2021-26253, upgrade your Splunk Enterprise to version 8.1.6 or later.
Who is affected by CVE-2021-26253?
CVE-2021-26253 affects Splunk Enterprise instances that are configured to use DUO MFA and are running versions prior to 8.1.6.
What functionalities does CVE-2021-26253 impact?
CVE-2021-26253 impacts the multi-factor authentication mechanism within Splunk Enterprise when using DUO MFA.
Is there a workaround for CVE-2021-26253?
Currently, there is no documented workaround for CVE-2021-26253, so upgrading to the fixed version is recommended.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/splunk
- canonical/splunk
- version/splunk/8.1.0