Bug ID 519966

Bug Tracker
ID 519966

Bug ID 519966: APM "Session Variables" report shows user passwords in plain text

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2

Opened: Apr 24, 2015

Severity: 3-Major

Symptoms

APM Session Variables report shows user passwords in plain text.

Impact

It is not safe to show users' password in plain text.

Conditions

Has password session variable.

Workaround

None

Fix Information

APM Session Variables report masks user passwords, displaying ************ instead.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips