Security

How are passwords encrypted in Splunk?

alexander_lucas
Explorer

What method is used to protect and encrypt passwords in Splunk. For example the "Users" passwords (when Local type of accounts are used).

Is there a way for a root user of the Splunk server to reverse the passwords to plain text?

0 Karma
1 Solution

lguinn2
Legend

There is no way for the root user to reverse the passwords. However, someone with access to $SPLUNK_HOME/etc/passwd could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the passwd file) then the default Splunk login becomes whatever was specified in user-seed.conf. This is usually user: admin and password: changeme.

I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...

View solution in original post

lguinn2
Legend

There is no way for the root user to reverse the passwords. However, someone with access to $SPLUNK_HOME/etc/passwd could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the passwd file) then the default Splunk login becomes whatever was specified in user-seed.conf. This is usually user: admin and password: changeme.

I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...

jrodman
Splunk Employee
Splunk Employee

You can see the information on the algorithms used in etc/passwd in etc/system/README/authentication.conf.spec and etc/system/default/authentication.conf

At the time of this answer, (5.0.x), Splunk was using MD5 with a large number of rounds. Currently we are using SHA512.

pbarbuto
Path Finder

Is Splunk still using the same encryption today or has it changed in spunk 7.x?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...