Forum Discussion

Cirrus

May 01, 2020

Cookie Encyrption Question - I'm confused

Recently we were notified by our Security team that the F5 cookies were not secure and needed to be adjusted. F5 BIG-IP Cookie Remote Information Disclosure (20089) (Tenable scan) I sta...

MVP

May 03, 2020

if you read the Tenable article:

https://www.tenable.com/plugins/nessus/20089

then it does seem to indicate this is about the persistence cookie, so it is weird you say persistence isn't used.

can the security team perhaps show some "proof" about which cookie and for which virtual server this is?

if it is about the F5 cookie, then you don't have to change anything on the http profile, as that is for the backend server cookies.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie Encyrption Question - I'm confused

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Managing iRules configuration

Changes to DO and AS3 GitHub - no longer monitored

Related Content

Question about healthchecks

Cache Confusion

AS3 TLS_Client VS TLS_Server Schema confusion

UCS Encryption Question

Site Launch Frequently Asked Questions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS