ASM can see the uncrypted password of users

Question

Hi,&nbsp;
I am testing with my ASM v11+HF6, and used the logging profile (all requests), but ASM show me the name of user and password of user.
I created a login page with value only of username form id and enabled the sessions awareness and select the login page that created before. 
 What can i do to hide this sensitive data? I enabled the data guard and enforce the login page and still capture the password on logs.&nbsp;
Regards&nbsp;

nathe · Answer

Johtte, you can configure the password parameter to be a "sensitive parameter" type. This will mask the user's passwords in the request logs. &nbsp;
N&nbsp;

Forum Discussion

ASM can see the uncrypted password of users

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

DEVCENTRAL END-USER LICENSE AGREEMENT

Ansible module to update BIG-IP root/admin passwords

Update your DevCentral user profile