Forum Discussion
0_168831
Nimbostratus
NimbostratusSomeone claiming "User Enumeration Flaw" in BIG-IQ, pretty sure its intended behavior
Recently came across this post it's kind of hard to understand, but I'm almost sure that this is the intended behavior of the REST API considering you have to log in to access the URL. I think it's k...
Max_Q_factor
Cirrocumulus
CirrocumulusI think it might be best to drop an e-mail to technical support, or security-reporting@f5.com to get an official response based on SOL4602: Overview of the F5 security vulnerability response policy
0_168831I don't have an official support contract with F5, I'm merely doing security research, do you think they would still respond?- Max_Q_factorYes, security-reporting@f5.com is specifically setup to interact with people who are not F5 customers.
- 0_168831Awesome, thank you!
