Forum Discussion
Muhannad
Cirrus
CirrusApplication keylogger issue with Datasafe
Dear Experts,
I have been testing the Fraud protection for F5-AWAF in my lab, everything is working fine but i am facing an issue with keyloggers, the password is encrypted fine when inspecting the values in the web developers tool and it is encrypted when installing the keylogger as an extension in the chrome.
But it is encrypting the password when i have installed a keylogger application, i am still able to see the password in plain text, checking the documents below:
They mentioned the following: Select the Enabled check box for the Keylogger Protection setting.When this setting is enabled, the system protects against in-browser key loggers.
Does this means that datasafe is not working with keyloggers applications?
Regards,
Muhannad
It can't mask keystrokes captured by a keylogger on the host machine/client if that's what you're asking about. It sounds like it's working as expected (encrypting in browser/L7, encryption in transit, and data is masked in logs).
Features:
'''
- protects sensitive information from interception by encrypting data while it’s still in the browser.
- DataSafe encrypts data at the application layer to protect against malware and keyloggers.
- This renders leaked credentials or data useless.
'''
-https://support.f5.com/csp/article/K11023343
LBIt can't mask keystrokes captured by a keylogger on the host machine/client if that's what you're asking about. It sounds like it's working as expected (encrypting in browser/L7, encryption in transit, and data is masked in logs).
Features:
'''
- protects sensitive information from interception by encrypting data while it’s still in the browser.
- DataSafe encrypts data at the application layer to protect against malware and keyloggers.
- This renders leaked credentials or data useless.
'''
-https://support.f5.com/csp/article/K11023343
MuhannadThanks for the confirmation.