Ram_T_S
Mar 11, 2021 Altostratus
F5 BIG-IP Cookie Remote Information Disclosure (20089)
Hi Team, in a recent vulnerability scan done on the infra, we found the below vulnerability on a server running behind the F5 VIP: F5 BIG-IP Cookie Remote Information Disclosure (20089). I fol...
- Mar 13, 2021
Update: this morning I googled the title and ID; they appear to be from Nessus (ID 20089) and are related to how BIG-IP systems encode the IP address and port number in persistence cookies.
This process is described here: K6917: Overview of BIG-IP persistence cookie encoding, and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.
Follow the steps described in this KB article and you should be good.
It even has a video on how to do it :)