Bug ID 664650: Real time encryption on non-password fields

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: May 14, 2017
Severity: 2-Critical


Real-time encryption for non-password field when full-AJAX encryption is enabled.


when malware changes input value with JS code, the system sends this value instead of the RTE one.


1. Configure specific parameter with encryption enabled. 2. The page uses AJAX. 3. Change the configured parameter value in the page after it has been populated by the end user, and then submit the page.



Fix Information

The system now sends the real value from RTE in this case.

Behavior Change