Forum Discussion

Altostratus

Mar 10, 2021

Solved

F5 BIG-IP Cookie Remote Information Disclosure (20089)

Hi Team, In recent vulnerability scanning done on the Infra, we found the below vulnerability on server running behind the F5 VIP. F5 BIG-IP Cookie Remote Information Disclosure (20089) I fol...

LTM

security

Daniel_Wolf
Mar 13, 2021
Update: today morning I googled the title and id, they appear to be from Nessus (ID 20089) and they are related to how BIG-IP systems are encoding the IP address and port number in persistence cookies.

This process is described here: K6917: Overview of BIG-IP persistence cookie encoding
and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.

Follow the steps described in this KB article and you should be good.
K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile
It even has a video how to do it :)

Daniel_Wolf

MVP

Mar 13, 2021

Update: today morning I googled the title and id, they appear to be from Nessus (ID 20089) and they are related to how BIG-IP systems are encoding the IP address and port number in persistence cookies.

This process is described here: K6917: Overview of BIG-IP persistence cookie encoding

and the encoding can easily be reversed. This could give a malicious actor access to sensitive information regarding your internal networks.

Follow the steps described in this KB article and you should be good.

K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

It even has a video how to do it :)