Login page user name and password visible in Browser.

Question

We have Public website, where we manage authentication for users. During Our Audit we found, Username and password are visible in logs of browser.

We need hide it for all users. Do we have option in F5 AWAF?

daniel_wolf · Answer

Hi Ironman,&nbsp;I am afraid to tell you - this is how it works. When you enter username and password (or any other form data) in a form, then the browser will have this information in clear-text. This is why man-in-the-browser attacks are successful.If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attacks. Application Layer Encryption helps you to protect against in-browser key loggers. &nbsp;Take a look at the WAF manual: Encrypting Data on the Application LevelAnd there is a great lab guide from the Agility 2021 that would guide you through the process:Lab 3.1: DataSafe&nbsp;KRDaniel

Forum Discussion

Login page user name and password visible in Browser.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Visibility and Orchestration

Password Safety & Security: Passwords vs. Passphrases

Post-Breach Analysis: Sophistication and Visibility

Automate scp transfers using password

Implementing BIG-IP WAF logging and visibility with ELK

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS