Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Login page user name and password visible in Browser.

IRONMAN
Cirrostratus
Cirrostratus

‎07-Jul-2021 04:13

We have Public website, where we manage authentication for users. During Our Audit we found, Username and password are visible in logs of browser.

We need hide it for all users. Do we have option in F5 AWAF?

 

Labels:
0 Kudos
1 REPLY 1

Daniel_Wolf
MVP
MVP

‎07-Jul-2021 08:24

Hi Ironman,

 

I am afraid to tell you - this is how it works. When you enter username and password (or any other form data) in a form, then the browser will have this information in clear-text. This is why man-in-the-browser attacks are successful.

If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attacks. Application Layer Encryption helps you to protect against in-browser key loggers.

 

Take a look at the WAF manual: Encrypting Data on the Application Level

And there is a great lab guide from the Agility 2021 that would guide you through the process:

Lab 3.1: DataSafe

 

KR

Daniel

Copyright © 2023 Khoros, LLC