Splunk 7.3.0 : Nessus scan vulnerability reported on splunk ports

Saravanakumar
Observer

Observation

The Nessus scan detected a few certificate errors on the Splunk ports 8089 (management port), 8000 (web UI) and 8191 (MONGOD).

The certificate errors are:

(1) SSL Self-Signed Certificate

(2) SSL Certificate Cannot Be Trusted

(3) SSL Certificate Signed Using Weak Hashing Algorithm

Errors (1) and (2) happened due to the self-signed certificate, and error (3) happened because the certificate is signed with the SHA1 algorithm.

Action Taken:

Issue:

For 8089 and 8191, it seems they use the default certificate and keys present in the directory “/opt/splunk/etc/auth/”.

For a fresh Splunk installation, the default certificates and keys are generated with “sha256WithRSAEncryption”. This looks good.

But the same Splunk version installed a few years back is signed with SHA1. We removed /opt/splunk/etc/auth/server.pem and restarted splunkd. The new server.pem is generated with SHA256.

Questions:

(1) Other than server.pem, the remaining default certificates present in the /opt/splunk/etc/auth/ directory are signed with SHA1. How can these be converted to SHA256? Can you please help us with the procedure for this?

(2) Can you please clarify which certificate and keys are used for 8089 and 8191?

(3) We are a licensed Splunk customer. Does the Splunk team provide a way to sign the certificate and make it trusted?

0 Karma
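An added example (not part of the original post, and not Splunk tooling): a shell audit that reports the signature algorithm of each PEM certificate in /opt/splunk/etc/auth, the directory named in the post, and flags SHA1 or MD5 signatures such as the one behind Nessus finding (3). It assumes the `openssl` CLI is on the PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the signature hash of PEM certificates in a directory.
# Only the first certificate in each file is inspected (a server.pem that
# bundles a chain needs each certificate split out and checked separately).

# Map a signature algorithm name, as printed by openssl, to a verdict.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        "")                                   echo UNREADABLE ;;  # no certificate parsed
        *md2*|*md5*|*sha1*)                   echo WEAK ;;
        *sha224*|*sha256*|*sha384*|*sha512*)  echo OK ;;
        *)                                    echo REVIEW ;;      # e.g. PSS or EdDSA
    esac
}

# Print the signature algorithm of the first certificate in a PEM file.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': *' '/Signature Algorithm:/ { print $2; exit }'
}

# Report every *.pem in a directory; return non-zero if any is WEAK.
audit_cert_dir() {
    dir=${1:-/opt/splunk/etc/auth}
    weak=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        alg=$(cert_sigalg "$f")
        verdict=$(classify_sigalg "$alg")
        if [ "$verdict" = WEAK ]; then
            weak=$((weak + 1))
        fi
        printf '%-10s %-28s %s\n' "$verdict" "${alg:--}" "$f"
    done
    [ "$weak" -eq 0 ]
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_cert_dir "$1"
fi
```

Files that hold only a private key or a password show up as UNREADABLE, which is expected for several entries in that directory.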