Last Modified: Nov 07, 2022
Affected Product:
BIG-IP FPS
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: May 14, 2017
Severity: 2-Critical
Real-time encryption for non-password field when full-AJAX encryption is enabled.
When malware changes the input value with JavaScript code, the system sends this value instead of the RTE one.
1. Configure specific parameter with encryption enabled.
2. The page uses AJAX.
3. Change the configured parameter value in the page after it has been populated by the end user, and then submit the page.
None.
The system now sends the real value from RTE in this case.