CVE-2021-26253

Summary

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk EnterpriseVersion(s) before 8.1.6affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References