Bypass of Splunk Enterprise's implementation of DUO MFA
Advisory ID: SVD-2022-0504
CVSSv3.1 Score: 8.1, High
CVE ID: CVE-2021-26253
Last Update: 2022-05-03
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. For more information on securing Splunk Enterprise logins with DUO MFA, see About Multi Factor Auth.
Upgrade Splunk Enterprise instances using DUO MFA to 8.1.6 or later.
|Product||Version||Affected Versions||Fix Version|
|Splunk Enterprise||8.1||8.1.5 and earlier||8.1.6|
The vulnerability does not impact Splunk Cloud Platform instances.