F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.
[
{
"product": "F5 BIG-IP, REST Framework Logging",
"vendor": "F5 Networks",
"versions": [
{
"status": "affected",
"version": "BIG-IP 12.0.0, BIG-IP 11.5.0 - 11.6.1"
}
]
}
]