The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances prior to 8.1.7 when configured to repress verbose login errors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
splunk splunk |