VYPR
Unrated severityNVD Advisory· Published May 6, 2022· Updated Aug 4, 2024

Username enumeration through lockout message in REST API

CVE-2021-33845

Description

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Splunk/Splunk Enterprisellm-fuzzy2 versions
    <8.1.7+ 1 more
    • (no CPE)range: <8.1.7
    • (no CPE)range: Version(s) before 8.1.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.