Username Enumeration Vulnerability in Splunk Enterprise REST API

Username Enumeration Vulnerability in Splunk Enterprise REST API

CVE-2021-33845 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

Learn more about our Api Penetration Testing.