Forum Discussion
F5 BIG-IP Cookie Remote Information Disclosure (20089)
- Mar 13, 2021
Update: today morning I googled the title and id, they appear to be from Nessus (ID 20089) and they are related to how BIG-IP systems are encoding the IP address and port number in persistence cookies.
This process is described here: K6917: Overview of BIG-IP persistence cookie encoding
and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.
Follow the steps described in this KB article and you should be good.
It even has a video how to do it :)
Update: today morning I googled the title and id, they appear to be from Nessus (ID 20089) and they are related to how BIG-IP systems are encoding the IP address and port number in persistence cookies.
This process is described here: K6917: Overview of BIG-IP persistence cookie encoding
and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.
Follow the steps described in this KB article and you should be good.
It even has a video how to do it :)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com