Login page user name and password visible in Browser.

Question

We have Public website, where we manage authentication for users. During Our Audit we found, Username and password are visible in logs of browser.

We need hide it for all users. Do we have option in F5 AWAF?

daniel_wolf · Answer

Hi Ironman,&nbsp;I am afraid to tell you - this is how it works. When you enter username and password (or any other form data) in a form, then the browser will have this information in clear-text. This is why man-in-the-browser attacks are successful.If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attacks. Application Layer Encryption helps you to protect against in-browser key loggers. &nbsp;Take a look at the WAF manual: Encrypting Data on the Application LevelAnd there is a great lab guide from the Agility 2021 that would guide you through the process:Lab 3.1: DataSafe&nbsp;KRDaniel

Forum Discussion

Login page user name and password visible in Browser.

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Visibility and Orchestration

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Post-Breach Analysis: Sophistication and Visibility

Implementing BIG-IP WAF logging and visibility with ELK