Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1, 12.1.3.1, 11.6.3
Opened: Aug 04, 2017 Severity: 3-Major Related Article:
K31757417
Logon page agent with more than one password variable or Citrix logon prompt will log plain text password when debug logging is turned on for access policy.
APM logs plain text password when debug logging is turned on for access policy.
This occurs when following conditions are met: - Citrix Logon Prompt with two factor auth or Logon page agent with more than one password variable is added in the Access Policy. - Access Policy logging is set to debug.
None.
Password values are no longer written in APM logs when debug logging is enabled for access policy.