Forum Discussion
Akhtar_109015
Jan 20, 2014Nimbostratus
Blocking Session Management attacks on ASM
hello,
We recently came to know the F5 ASM is not blocking session management attacks which discloses the admin username and password on reply.
May I know if this has something to do with attack...
Michael_Koyfma1
Cirrus
Can you please explain the exact nature of the attack you are referring to? What exactly are you observing?
Akhtar_109015
Jan 20, 2014Nimbostratus
I have uploaded the HTTP request and response snapshots from a PT tool.
In the response from a server we see the password in clear text. Can we tune the ASM policy to track the session and encrypt the passwords in the HTTP responses ?
Akhtar
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects