Pwned Passwords Check

Problem this snippet solves: This snippet makes it possible to use Troy Hunt’s ‘Pwned Passwords’ API. By using this API one can check if the password being used was exposed in earlier data breaches....

Updated Jun 06, 2023

Version 2.0

api

application delivery

BIG-IP Access Policy Manager (APM)

MVP

Joined May 16, 2019

View Profile

Walter_Kacynski

Cirrostratus

Mar 12, 2018

session.custom.hibp.password is not required for this use case and exposes the users password in clear text in log files and in core dumps.

Instead, you can code and eliminate the extra VPE agent.

set password [ACCESS::session data get -secure session.logon.last.password]

Pwned Passwords Check

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS