Splunk Enterprise Multiple Version Information Disclosure
Posted by deepcore on April 4, 2017 – 3:48 am
Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. Some useful data gained is the currently logged in username and if remote user setting is enabled. After, the username can be use to Phish or Brute Force Splunk Enterprise login. Additional information stolen may aid in furthering attacks.
Post a reply
You must be logged in to post a comment.