Bug ID 871905: Incorrect masking of parameters in event log

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4

Fixed In:
16.0.0, 15.1.0.5, 15.0.1.4, 14.1.2.5, 13.1.5

Opened: Jan 22, 2020

Severity: 3-Major

Related Article: K02705117

Symptoms

When using CSRF protection, sensitive parameters values can be masked incorrectly in the event log.

Impact

Sensitive parameters values can be masked incorrectly in the event log.

Conditions

The request contains a CSRF token and sensitive parameters.

Workaround

None.

Fix Information

Sensitive parameters values are now correctly masked in the event log when request contains CSRF token.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips