Forum Discussion

Nimbostratus

Jan 20, 2014

Blocking Session Management attacks on ASM

hello, We recently came to know the F5 ASM is not blocking session management attacks which discloses the admin username and password on reply. May I know if this has something to do with attack...

application attacks

asm application security manager

Cirrus

Jan 20, 2014

Can you please explain the exact nature of the attack you are referring to? What exactly are you observing?

Akhtar_109015
Nimbostratus
Jan 20, 2014
I have uploaded the HTTP request and response snapshots from a PT tool. In the response from a server we see the password in clear text. Can we tune the ASM policy to track the session and encrypt the passwords in the HTTP responses ? Akhtar

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Blocking Session Management attacks on ASM

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Minimizing Security Complexity: Managing Distributed WAF Policies

Re: Management Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS