For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Aug 24, 2020
Solved

Application keylogger issue with Datasafe

Dear Experts,   I have been testing the Fraud protection for F5-AWAF in my lab, everything is working fine but i am facing an issue with keyloggers, the password is encrypted fine when inspecting...
ASM Advanced WAF
security
  • LB's avatar
    LB
    Sep 08, 2020

    It can't mask keystrokes captured by a keylogger on the host machine/client if that's what you're asking about. It sounds like it's working as expected (encrypting in browser/L7, encryption in transit, and data is masked in logs).

     

    Features:

    '''

    •  protects sensitive information from interception by encrypting data while it’s still in the browser.
    •  DataSafe encrypts data at the application layer to protect against malware and keyloggers. 
    •  This renders leaked credentials or data useless.

    '''

    -https://support.f5.com/csp/article/K11023343

Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Sep 09, 2020

Thanks for the confirmation.