* Posts by johnmark

1 post • joined 29 Apr 2010

Users' passwords exposed by Splunk


Some facts

Just to clear up some misconceptions...

1. Last week, due to some temporary debug code that was promptly removed, we discovered that some splunk.com users’ passwords inadvertently appeared in our internal web server logs.

2. No one’s password was accessible from the internet or the splunk.com web site, and we took immediate steps to purge the confidential information from our internal system logs.

3. Our internal IT team that monitors the Splunk.com site logs are the only employees who would have temporarily been able to see these passwords.

4. This applies only to passwords on our web site, splunk.com, and did not impact anyone’s deployment of Splunk software or the data stored in customers’ instances of Splunk.

5. We proactively reset all potentially affected users’ passwords; cleared all of these users’ active sessions on splunk.com; purged the information from all internal log files; and then notified all affected users, sending them a new temporary password. This was a precaution.

No, we don't normally leave clear text passwords in the logs - web monkeys have been appropriately flogged.

Feel free to ask me any questions or see the updated blog post here: http://blogs.splunk.com/2010/04/24/splunk-com-password-leak/


John Mark Walker

Splunk Community Guy


