For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NetWork's avatar
NetWork
Icon for Nimbostratus rankNimbostratus
Dec 09, 2020

F5 Device Administration/configuration - Vulnerabilities

Can someone help me to understand using self-signed certificate for BIGIP LTM box falls in non-compliant as long as our device will be accessed only by network administrators?
application delivery
BIG-IP
LTM
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Dec 12, 2020

Hello NetWork.

 

Self-signed certificates cannot be used to authenticate sites.

Base on this, someone accesing one specific device cannot be sure that the device which is accesing belong to the person/company that user thinks it belongs.

 

To be more precise, someone could be performing a MITM attack in that communication and you couldn't be aware of that.

 

Regards,

Dario.