F5 ASM logs : Passwords appear in clear text

Question

We have syslog servers configured. We recently observed that on ASM requests logs that are being forwarded to syslog servers, the password parameter value is given in clear text on the /owa/auth requests.

I observed that mostly the requests which get blocked have the values being displayed in clear text. while genuine traffic requests have the same values sanitized/encrypted.

The parameters mentioned are already given as sensitive parameters in the policy.

Need to know if this is normal behaviour for F5

Thanks,

Arjun

dario_garrido · Answer

Also thishttps://support.f5.com/csp/article/K52154401

dario_garrido · Answer

Hello.&nbsp;I recommend you to check this -&gt;https://devcentral.f5.com/s/question/0D51T00006j3Rwg/asm-hide-parameter-sensitive-data-in-the-logs&nbsp;Let us know if it doesn't help.&nbsp;KR,Dario.

arjun · Answer

Hi Dario, Thank you for the reference links. I am currently running the version 13.1.1 and the option mentioned in the F5 Article is not available yet. Moreover already we have sensitive data enabled and the URL with the parameter is having "Request Body Handling" to Form DATA.

Is there anything else we need to check.

dario_garrido · Answer

Try to open a support case.

Forum Discussion

F5 ASM logs : Passwords appear in clear text

Recent Discussions

How to Renew F5 Device Certificate

SNI Sites not taking correct certificate.

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

Pwned Passwords Check

Ansible module to update BIG-IP root/admin passwords

Rustls with NGINX, Password Based Key Exchange, & Llama Drama

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS