Bug ID 519966: APM "Session Variables" report shows user passwords in plain text

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2

Opened: Apr 24, 2015
Severity: 3-Major

Symptoms

APM Session Variables report shows user passwords in plain text.

Impact

It is not safe to show users' password in plain text.

Conditions

Has password session variable.

Workaround

None

Fix Information

APM Session Variables report masks user passwords, displaying ************ instead.

Behavior Change