Bypass of Splunk Enterprise's implementation of DUO MFA
Advisory ID: SVD-2022-0504
CVE ID: CVE-2021-26253
Published: 2022-05-03
Last Update: 2022-05-03
CVSSv3.1 Score: 8.1, High
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Bug ID: SPL-172887
Description
A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows the MFA verification to be bypassed in Splunk Enterprise versions before 8.1.6. The potential vulnerability affects Splunk Enterprise instances configured to use DUO MFA and does not affect any DUO product or service. For more information on securing Splunk Enterprise logins with DUO MFA, see About Multi Factor Auth.
Solution
Upgrade Splunk Enterprise instances using DUO MFA to 8.1.6 or later.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 8.1 | - | 8.1.5 and earlier | 8.1.6 |
Splunk Enterprise | 8.2 | - | Not affected | - |
The vulnerability does not impact Splunk Cloud Platform instances.
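An added triage check, not part of Splunk's advisory, that applies the affected range above (DUO MFA configured and version before 8.1.6) to a host. It assumes the version text comes from `$SPLUNK_HOME/etc/splunk.version`, the merged settings from `splunk btool authentication list`, and that DUO is selected through `externalTwoFactorAuthVendor` in the `[authentication]` stanza; the sample inputs are constructed.

```python
import re

FIXED = (8, 1, 6)  # first fixed release named in the advisory

# Constructed sample inputs (not taken from a real instance).
SAMPLE_VERSION = "VERSION=8.1.5\nBUILD=000000000000\nPRODUCT=splunk\n"
SAMPLE_CONF = """
[authentication]
authType = Splunk
externalTwoFactorAuthVendor = Duo
externalTwoFactorAuthSettings = duo-mfa
"""

def parse_version(text):
    """Return (major, minor, patch) from 'VERSION=8.1.5' or a bare '8.1.5'."""
    m = re.search(r"^(?:VERSION=)?(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    if not m:
        raise ValueError("no Splunk version found")
    return tuple(int(p or 0) for p in m.groups())

def duo_mfa_enabled(conf_text):
    """True if the [authentication] stanza selects Duo as the MFA vendor.
    Assumption: conf_text is the merged (btool) view, one value per key."""
    stanza = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
        elif stanza == "authentication" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "externalTwoFactorAuthVendor":
                return value.lower() == "duo"
    return False

def assess(version_text, conf_text):
    """Apply the advisory's condition: Duo MFA in use AND version < 8.1.6."""
    if not duo_mfa_enabled(conf_text):
        return "not affected: Duo MFA not configured"
    if parse_version(version_text) < FIXED:
        return "affected: upgrade to 8.1.6 or later"
    return "not affected: fixed version"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```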
Acknowledgments
Sanket Bhimani