Splunk Server Attack: Get Local File Access

“Local File Access takes advantage of a common Splunk misconfiguration, where the Splunk server runs as a privileged user account, or root/SYSTEM. By accessing Splunk as a root user, I hope to be able to read all the files stored on the local file system.”
-Ryan, TBG Security‘s Director of Security Engineering


 

Get In Touch

Have a question? We’re here to help.

Contact Us