For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jksingh_44237's avatar
jksingh_44237
Icon for Nimbostratus rankNimbostratus
Jan 04, 2010

The remote load balancer suffers from an information disclosure vulnerability at port 80 and 443

I am looking a solution for this issue.....   I have BIGIP (BIG-IP 9.3.1 Build 37.1)     Port http (tcp/80)   Synopsis :   The remote load balancer suffers from an i...
dev
devops
iControl
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 23, 2011
I submitted an internal request to add a checkbox option to the cookie insert persistence profile for encryption and an encryption passphrase to make it very clear that you can encrypt the cookie value and simple to do so.

 

 

Hamish, I can see both sides of your request. From a security standpoint, I think it's a good practice to limit the amount of information you give potential attackers. But I think the actual security risk is fairly low and the performance hit for the encryption is not nothing.

 

 

Anyhow, if you'd like to see such a feature added in a future version, you can open a case with F5 Support and request this change. If you get a RFE ID, please reply back here with it for others to reference.

 

 

Thanks, Aaron