F5:K20059815
History: Nov 02, 2020 - 12:00 a.m.

K20059815 : iControl REST vulnerability CVE-2020-5943

2020-11-02 00:00:00
my.f5.com
icontrol rest
vulnerability
cve-2020-5943
password security
sensitive information disclosure
rest responses

AI Score: 6.4 (Confidence: Low)

EPSS: 0.001 (Percentile: 28.4%)

Security Advisory Description

When a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. (CVE-2020-5943)

Impact

An obfuscated password is not as secure as an encrypted password. An authenticated, malicious representational state transfer (REST) API user may be able to de-obfuscate the protected fields in REST responses to view the plaintext password, resulting in sensitive information disclosure.
