Bug ID 748649: Key logging chrome extension can bypass Websafe KeyLogger

Last Modified: Oct 24, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
15.0.0

Opened: Nov 04, 2018
Severity: 3-Major

Symptoms

When installed, JSLogger extension can bypass password field protection and get the real password input

Impact

Password value is captured

Conditions

JSLogger extension installed

Workaround

N/A

Fix Information

Code adjustment for better event faking

Behavior Change