F5 ASM logs : Passwords appear in clear text

Question

We have syslog servers configured. We recently observed that on ASM requests logs that are being forwarded to syslog servers, the password parameter value is given in clear text on the /owa/auth requests.

I observed that mostly the requests which get blocked have the values being displayed in clear text. while genuine traffic requests have the same values sanitized/encrypted.

The parameters mentioned are already given as sensitive parameters in the policy.

Need to know if this is normal behaviour for F5

Thanks,

Arjun

dario_garrido · Answer

Also thishttps://support.f5.com/csp/article/K52154401

dario_garrido · Answer

Hello.&nbsp;I recommend you to check this -&gt;https://devcentral.f5.com/s/question/0D51T00006j3Rwg/asm-hide-parameter-sensitive-data-in-the-logs&nbsp;Let us know if it doesn't help.&nbsp;KR,Dario.

arjun · Answer

Hi Dario, Thank you for the reference links. I am currently running the version 13.1.1 and the option mentioned in the F5 Article is not available yet. Moreover already we have sensitive data enabled and the URL with the parameter is having "Request Body Handling" to Form DATA.

Is there anything else we need to check.

dario_garrido · Answer

Try to open a support case.

Forum Discussion

F5 ASM logs : Passwords appear in clear text

4 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Ansible module to update BIG-IP root/admin passwords

Pwned Passwords Check

BIGIQ/DCD and BIGIP Admin password change