Bug ID 761300: Errors in REST token requests may log sensitive data

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
13.1.1.5

Opened: Mar 15, 2019

Severity: 3-Major

Related Article: K61105950

Symptoms

When requests for REST tokens generate a parsing error the logged message may contain sensitive data present in the request, including passwords.

Impact

Restlogs record sensitive data. Properly formatted requests do not generate this error logging and do not record sensitive data.

Conditions

Error in token request parsing. Typically causes include a typo or other JSON syntax error in the POST body of the REST request.

Workaround

None.

Fix Information

Sensitive data is now filtered from logging.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips