Forum Discussion

Cirrus

May 01, 2020

Cookie Encyrption Question - I'm confused

Recently we were notified by our Security team that the F5 cookies were not secure and needed to be adjusted. F5 BIG-IP Cookie Remote Information Disclosure (20089) (Tenable scan) I sta...

MVP

May 03, 2020

if you read the Tenable article:

https://www.tenable.com/plugins/nessus/20089

then it does seem to indicate this is about the persistence cookie, so it is weird you say persistence isn't used.

can the security team perhaps show some "proof" about which cookie and for which virtual server this is?

if it is about the F5 cookie, then you don't have to change anything on the http profile, as that is for the backend server cookies.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie Encyrption Question - I'm confused

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Cache Confusion

AS3 TLS_Client VS TLS_Server Schema confusion

UCS Encryption Question

Site Launch Frequently Asked Questions

F5 Connection Mirroring question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS