
Login page user name and password visible in Browser.

IRONMAN
Cirrostratus

We have a public website where we manage authentication for users. During our audit we found that the username and password are visible in the browser logs.

We need to hide it for all users. Do we have an option in F5 AWAF?

 

1 REPLY

Hi Ironman,

 

I am afraid to tell you - this is how it works. When you enter a username and password (or any other form data) in a form, the browser will have this information in clear text. This is why man-in-the-browser attacks are successful.

If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attack. Application Layer Encryption helps you to protect against in-browser key loggers.

 

Take a look at the WAF manual: Encrypting Data on the Application Level

And there is a great lab guide from Agility 2021 that will guide you through the process:

Lab 3.1: DataSafe

 

KR

Daniel
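
A generic sketch of the field-level (application-layer) encryption idea mentioned in the reply, added here as an example and not taken from the thread or from F5's DataSafe implementation: it compares the form body a browser's network log would record with and without encrypting the sensitive fields. The key pair, nonce, field names and sample credentials are constructed assumptions, and Node's `crypto` module stands in for the browser-side code.

```javascript
// Added illustration of generic field-level encryption; not F5 DataSafe code.
const crypto = require('crypto');

// Server side (assumed): RSA key pair; the public half ships with the login page.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// What a plain HTML form submits, and what the browser's network log records.
function plainBody(fields) {
  return new URLSearchParams(fields).toString();
}

// Client side: encrypt each sensitive field before the request is built.
// A per-page-load nonce from the server is bound into the plaintext so a
// captured ciphertext cannot be replayed against a later login page.
function encryptedBody(fields, sensitive, nonce) {
  const out = {};
  for (const [name, value] of Object.entries(fields)) {
    if (!sensitive.includes(name)) { out[name] = value; continue; }
    const msg = Buffer.from(JSON.stringify({ nonce, value }), 'utf8');
    out[name] = crypto.publicEncrypt({ key: publicKey, ...OAEP }, msg).toString('base64url');
  }
  return new URLSearchParams(out).toString();
}

// Server side: decrypt, check the nonce, return the cleartext fields.
function decryptBody(body, sensitive, expectedNonce) {
  const out = {};
  for (const [name, value] of new URLSearchParams(body)) {
    if (!sensitive.includes(name)) { out[name] = value; continue; }
    const raw = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(value, 'base64url'));
    const { nonce: got, value: clear } = JSON.parse(raw.toString('utf8'));
    if (got !== expectedNonce) throw new Error('stale or replayed field: ' + name);
    out[name] = clear;
  }
  return out;
}

// Constructed sample input.
const form = { username: 'alice', password: 'CorrectHorse42', lang: 'en' };
const SENSITIVE = ['username', 'password'];
const pageNonce = crypto.randomBytes(16).toString('hex');

console.log('plain    :', plainBody(form));
console.log('encrypted:', encryptedBody(form, SENSITIVE, pageNonce));
```

Only the request body changes: the values are still clear text in the page's form fields until the encryption step runs, which is the behaviour the reply describes.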