Bug ID 1065681: Sensitive data is not masked under certain conditions.

Last Modified: Jan 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Opened: Dec 03, 2021
Severity: 3-Major

Symptoms

Sensitive data (or part of it) is visible in the request logs or the remote log.

Impact

Sensitive data is visible in the log.

Conditions

A parameter that is defined as a JSON profile. That profile has the parse parameters flag set.

Workaround

There are 2 possible workarounds: 1. Make the parameter that contains the json a sensitive parameter. 2. In the json profile attached to the parameter, uncheck the parse parameters flag. You will see a tab of sensitive data added in the UI. In that tab, explicitly add the JSON element as a sensitive element.

Fix Information

None

Behavior Change