Bug ID 677058: Citrix Logon prompt with two factor auth or Logon Page agent with two password type variables write password in plain text

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.1, 11.6.3

Opened: Aug 04, 2017
Severity: 3-Major
Related AskF5 Article:
K31757417

Symptoms

Logon page agent with more than one password variable or Citrix logon prompt will log plain text password when debug logging is turned on for access policy.

Impact

APM logs plain text password when debug logging is turned on for access policy.

Conditions

This occurs when following conditions are met: - Citrix Logon Prompt with two factor auth or Logon page agent with more than one password variable is added in the Access Policy. - Access Policy logging is set to debug.

Workaround

None.

Fix Information

Password values are no longer written in APM logs when debug logging is enabled for access policy.

Behavior Change