01642 06 11 11 Arrange Call

Username Enumeration Vulnerability in Splunk Enterprise REST API

CVE-2021-33845 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

Learn more about our Api Penetration Testing.