Forum Discussion
Login page user name and password visible in Browser.
Hi Ironman,
I am afraid to tell you - this is how it works. When you enter username and password (or any other form data) in a form, then the browser will have this information in clear-text. This is why man-in-the-browser attacks are successful.
If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attacks. Application Layer Encryption helps you to protect against in-browser key loggers.
Take a look at the WAF manual: Encrypting Data on the Application Level
And there is a great lab guide from the Agility 2021 that would guide you through the process:
KR
Daniel
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com