
SPLUNK / PRODUCT SECURITY / SVD-2022-0504

Bypass of Splunk Enterprise's implementation of DUO MFA

Advisory ID: SVD-2022-0502

Published: 2022-05-03

CVSSv3.1 Score: 8.1, High

CWE: CWE-287

CVE ID: CVE-2021-26253

Last Update: 2022-05-03

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. For more information on securing Splunk Enterprise logins with DUO MFA, see About Multi Factor Auth

Solution

Upgrade Splunk Enterprise instances using DUO MFA to 8.1.6 or later.


| Product | Version | Affected Versions | Fix Version |
|---|---|---|---|
| Splunk Enterprise | 8.2 | - | 8.2.0 |
| Splunk Enterprise | 8.1 | 8.1.0 and earlier | 8.1.6 |

The vulnerability does not impact Splunk Cloud Platform instances.

Acknowledgments

Sanket Bhimani