CVE-2021-33845: Username enumeration through lockout message in REST API
First published: Fri May 06 2022(Updated: )
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk | >=8.1.0<8.1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-33845?
CVE-2021-33845 is considered a medium severity vulnerability due to its potential to allow username enumeration.
How do I fix CVE-2021-33845?
To mitigate CVE-2021-33845, update your Splunk Enterprise instance to version 8.1.7 or later.
Which versions of Splunk Enterprise are affected by CVE-2021-33845?
CVE-2021-33845 affects Splunk Enterprise versions prior to 8.1.7.
What type of attack does CVE-2021-33845 enable?
CVE-2021-33845 allows attackers to enumerate valid usernames via error messages from the REST API.
Is CVE-2021-33845 related to authentication in Splunk?
Yes, CVE-2021-33845 is related to authentication as it concerns the exposure of usernames during failed login attempts.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/splunk
- canonical/splunk
- version/splunk/8.1.0