Operational Defect Database
BugZero found this defect 881 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1065681
Sensitive data is not masked under certain conditions.
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP ASM
Affected releases:
15.1.0
15.1.0.1
15.1.0.2
15.1.0.3
15.1.0.4
15.1.0.5
15.1.1
15.1.2
15.1.2.1
15.1.3
15.1.3.1
15.1.4
Fixed releases:
No fixed releases provided.
Description:
Bug ID 1065681: Sensitive data is not masked under certain conditions. ... Sensitive data (or part of it) is visible in the request logs or the remote log. ... Impact ... Sensitive data is visible in the log. ... Conditions ... A parameter that is defined as a JSON profile. ... That profile has the parse parameters flag set. ... There are 2 possible workarounds: 1. ... Make the parameter that contains the json a sensitive parameter. ... 2. In the json profile attached to the parameter, uncheck the parse parameters flag. ... You will see a tab of sensitive data added in the UI. ... In that tab, explicitly add the JSON element as a sensitive element.
