CVE-2021-33845

Summary

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk EnterpriseVersion(s) before 8.1.7affected

Weaknesses

  • CWE-203: CWE-203

ADP Enrichment

CVE Program Container

Additional References

References