Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2
Fixed In:
11.6.0, 11.5.4 HF3
Opened: Jun 18, 2014 Severity: 2-Critical
With audit logging enabled, you notice that after updating a password for an account it is visible in /var/log/audit
Password is visible in the audit log.
This occurs when audit logging is enabled.
Disable audit logging.
The password is no longer logged in the audit log.