Forum Discussion

Nimbostratus

Apr 24, 2014

AD auth with OTP - browser refresh issue

Hi, We're trying to implement AD auth with OTP solution using standard APM policy. Our pentesters found out that it's possible to use browser refresh to retrieve user AD credentials. Initial reques...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Jun 21, 2014

Evgeny, the issue is that the browser is caching your form input data (which it shouldn't do for password fields). This is not an issue with APM and trying to solve it with complex customizations is probably the wrong way to go.

I not sure what test environment your auditor used but I am not able to reproduce this in IE, Chrome, Firefox or Safari.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)