F5 BIG-IP Cookie Remote Information Disclosure (20089)
Hi Team,
In a recent vulnerability scan done on the infra, we found the below vulnerability on a server running behind the F5 VIP:
F5 BIG-IP Cookie Remote Information Disclosure (20089)
I followed the https://support.f5.com/csp/article/K14784?sr=45997495 article to encrypt the cookies,
but the vulnerability still appears in the scan.
I have 2 questions:
- How can I capture the packets on my side to show the client that the encryption is happening on the F5 side?
- Is there any other solution for this vulnerability?
Update: this morning I googled the title and ID; they appear to be from Nessus (ID 20089), and they are related to how BIG-IP systems encode the IP address and port number in persistence cookies.
This process is described here: K6917: Overview of BIG-IP persistence cookie encoding,
and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.
Follow the steps described in this KB article and you should be good.
It even has a video on how to do it :)
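For the first question, one way to show whether the VIP still hands out the reversible cookie is to check the `Set-Cookie` headers it returns (from a capture or a saved response) against the default IPv4 encoding described in K6917. This is an added example, not part of the original post or F5's own code; the function names, the pool name `web_pool` and the sample headers are constructed, only the default IPv4 format is recognized, and "opaque" means only that the value does not match that format.

```python
import re
import socket
import struct

# Default IPv4 persistence cookie value per K6917: <encoded ip>.<encoded port>.0000
PLAIN_IPV4 = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")

# Constructed sample headers (hypothetical pool name and values).
SAMPLE = [
    "Set-Cookie: BIGipServerweb_pool=1677787402.36895.0000; path=/",
    "Set-Cookie: BIGipServerweb_pool=!cGxhY2Vob2xkZXItdmFsdWU=; path=/",
    "Set-Cookie: JSESSIONID=abc123; HttpOnly",
]


def decode_plain_ipv4(value):
    """Return (ip, port) if value is the unencrypted IPv4 encoding, else None."""
    m = PLAIN_IPV4.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # Both fields are the byte-reversed form of the real address and port.
    ip = socket.inet_ntoa(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port


def audit_set_cookie(header_lines):
    """Classify every BIGipServer* cookie found in Set-Cookie header lines."""
    findings = []
    for line in header_lines:
        name, _, rest = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        pair = rest.strip().split(";", 1)[0]
        cookie_name, _, cookie_value = pair.partition("=")
        if not cookie_name.startswith("BIGipServer"):
            continue
        decoded = decode_plain_ipv4(cookie_value)
        status = "DISCLOSES %s:%d" % decoded if decoded else "opaque"
        findings.append((cookie_name, status))
    return findings


if __name__ == "__main__":
    for cookie, status in audit_set_cookie(SAMPLE):
        print(cookie, "->", status)
```

A `DISCLOSES` result on a fresh response after the change means the scanned virtual server is still issuing the plain cookie, which is what the scanner keys on.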