CVE-2019-5729 – Splunk Python SDK Improper TLS Server Certificate Verification Vulnerability(2nd Apr 2019)

Preface: Splunk is powerful, it can extract cookie of web connections. If client connection still alive, hacker can hijack and get the connection.

Vulnerability details: A vulnerability in Splunk Python SDK could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass access restrictions on the system.

Design weakness: Due to improper verification of untrusted TLS server certificates

Remedy: Splunk has released software updates (refer url) – https://github.com/splunk/splunk-sdk-python/releases

6 thoughts on “CVE-2019-5729 – Splunk Python SDK Improper TLS Server Certificate Verification Vulnerability(2nd Apr 2019)”

  1. We are a group of volunteers and opening a new scheme in our community. Your website provided us with valuable info to work on. You’ve done an impressive job and our whole community will be thankful to you.|

  2. What i do not realize is if truth be told how you are now not actually much more neatly-favored than you may be right now. You are very intelligent. You understand therefore considerably in terms of this topic, produced me for my part consider it from a lot of various angles. Its like men and women are not interested unless it’s one thing to accomplish with Lady gaga! Your own stuffs great. At all times take care of it up!|

  3. Magnificent goods from you, man. I have take into account your stuff previous to and you’re just too excellent. I really like what you have got right here, really like what you’re stating and the way in which in which you are saying it. You’re making it enjoyable and you still take care of to keep it smart. I can’t wait to learn far more from you. That is really a wonderful web site.|

  4. Just want to say your article is as surprising. The clearness for your post is simply cool and i can think you’re an expert on this subject. Fine with your permission allow me to clutch your feed to keep updated with impending post. Thanks 1,000,000 and please keep up the enjoyable work.|

  5. At this time it sounds like WordPress is the preferred blogging platform available right now. (from what I’ve read) Is that what you’re using on your blog?|

  6. I must thank you for the efforts you have put in penning this blog. I’m hoping to check out the same high-grade content by you later on as well. In truth, your creative writing abilities has encouraged me to get my own blog now ;)|

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.