Splunk accidentally exposes user passwords

By on

Follows debug code implementation.

Splunk has issued a warning to some of its users that their passwords were accidentally exposed in clear text.

In a message sent to Splunk users, Lionel Hartmann, VP of support for the company, confirmed that some debug code was unintentionally implemented on the production splunk.com website which exposed a small number of passwords in its web server's error log.

He said: “The splunk.com team has corrected the issue and has improved their change process to prevent similar issues from occurring in the future. In an abundance of caution, we have reset all affected users' passwords and cleared all affected users' active sessions on splunk.com.”

He also recommended that password vault users will need to update their splunk.com password in these locations, and if they have used the old password on other systems or websites, they should change them and retire their old splunk.com password.

In a blog update, Splunk's Matt Green confirmed that the debug code made its way onto the production web servers, and resulted in the logging of user's passwords.

He said: “Obviously this is bad and we immediately took action to prevent future logins from being recorded in the open. We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment.”

Graham Cluley, senior technology consultant at Sophos, said: “It's not clear from the warning sent out by Splunk how long passwords were exposed for, but there's obviously a concern that if hackers had managed to stumble across the login details they could have tried to use them on other websites where users might use the same password.

“In this case that could have been particular bad for enterprises, as Splunk's typical users have key roles inside an organisation's IT infrastructure and may have access to a number of critical systems and sensitive data.”

He praised Splunk's course of action of changing affected users' passwords, rather than waiting for users to do it themselves.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
accidentally code debug exposes following implementation passwords security splunk user

Sponsored Whitepapers

Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)

Events

Most Read Articles

Perth Mint CIO leaves after five months

Perth Mint CIO leaves after five months
Gravatar profile add-on leaks data on millions of users

Gravatar profile add-on leaks data on millions of users
Microsoft becomes 'certified strategic' cloud provider

Microsoft becomes 'certified strategic' cloud provider
Aussie Broadband makes formal $344m bid for Over The Wire

Aussie Broadband makes formal $344m bid for Over The Wire

Digital Nation

Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
COVER STORY: Automation drives marketing success but complexity torments delivery
COVER STORY: Automation drives marketing success but complexity torments delivery
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture

Log In

Email:
Password:
  |  Forgot your password?