Forum Discussion
Ram_T_S
Altostratus
AltostratusF5 BIG-IP Cookie Remote Information Disclosure (20089)
Hi Team, In recent vulnerability scanning done on the Infra, we found the below vulnerability on server running behind the F5 VIP. F5 BIG-IP Cookie Remote Information Disclosure (20089) I fol...
Update: today morning I googled the title and id, they appear to be from Nessus (ID 20089) and they are related to how BIG-IP systems are encoding the IP address and port number in persistence cookies.
This process is described here: K6917: Overview of BIG-IP persistence cookie encoding
and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.
Follow the steps described in this KB article and you should be good.
It even has a video how to do it :)
Daniel_Wolf
MVP
MVPDon't get me wrong, but from experience... does the VIP have a cookie persistence profile assigned?
What kind of cookie persistence method do you use with that VIP?
Can you compare the cookies when encryption is enabled / disabled?
I would try to validate with all the above checks that the vulnerability scan is not reporting a false positive.
EDIT: Also compare when cookie encryption is enabled / disabled in the http profile.