CISA Urges Encrypting BIG-IP Cookies to Block Cyber Threat Exploitation

The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent advisory to organizations, highlighting the pressing need to address security risks tied to unencrypted cookies within F5 BIG-IP Local Traffic Manager (LTM) systems. This move comes in response to cyber threat actors exploiting these unencrypted persistent cookies to gain unauthorized access to non-internet-facing devices on networks. With F5 BIG-IP being a highly prevalent suite of hardware and software solutions used to manage and secure network traffic, the implications of such vulnerabilities are significant.

CISA’s advisory emphasizes that attackers can use information gleaned from these cookies to identify and map additional network resources, potentially exploiting vulnerabilities in other connected devices. The agency underscored that a malicious cyber actor, leveraging unencrypted persistence cookies, could infer or identify additional network resources and potentially exploit weaknesses in other devices on the network. To mitigate these risks, CISA strongly recommends organizations configure their BIG-IP LTM systems to encrypt both the persistence cookies generated by the BIG-IP system and any cookies sent from servers. By encrypting these cookies, organizations can prevent sensitive information from being exposed in plaintext, thereby shielding their networks from potential threats.

Set Up Cookie Encryption Through the BIG-IP LTM System’s Persistence Profile

One of the primary steps that CISA advises organizations to take is to set up cookie encryption through the persistence profile of the BIG-IP LTM system. This measure ensures that the cookies generated by the BIG-IP system itself are encrypted, significantly reducing the risk of data exposure. In the BIG-IP system, the persistence profile plays a crucial role in maintaining a client’s session by using cookies to identify returning clients. Encrypting these cookies is pivotal in safeguarding session data from prying eyes.

In the context of the BIG-IP system, persistence profiles are used to keep track of a client’s session, ensuring that they are consistently directed to the same server. By encrypting the cookies associated with these profiles, organizations can add an essential layer of security. This encryption ensures that even if an attacker intercepts the cookies, the information contained within them remains inaccessible without the proper decryption key. As a result, this step is a fundamental part of preventing unauthorized access and mitigating potential threats.

Employ the HTTP Profile to Secure Cookies Sent From Servers

CISA also recommends that organizations use the HTTP profile to secure cookies sent from servers. Unlike persistence cookies generated by the BIG-IP system, cookies from server responses need separate encryption to ensure they remain protected. Using the HTTP profile for this purpose allows organizations to extend encryption practices to all cookies within their network infrastructure, not just those created by the BIG-IP system.

Employing the HTTP profile to encrypt cookies sent from servers helps protect critical data transmitted between the client and the server. When configured correctly, the HTTP profile provides a robust mechanism for encrypting cookies, ensuring that sensitive information is not left vulnerable to interception or tampering by malicious actors. This step is essential to maintain the integrity of data exchanges on the network, reinforcing overall security measures and protecting user data from potential breaches.

Establish a Robust Encryption Passphrase When Setting Up Cookie Encryption

Additionally, when configuring cookie encryption, it is vital for organizations to establish a robust encryption passphrase. A strong passphrase ensures that the encryption is difficult to break, thereby enhancing the security of the encrypted cookies. The choice of passphrase should adhere to best practices, including using a mix of uppercase and lowercase letters, numbers, and special characters, while avoiding easily guessable or common words.

A robust encryption passphrase is a critical component of effective cookie encryption. It acts as the key to decrypting the information contained within the encrypted cookies. Therefore, ensuring that this passphrase is both complex and secure is imperative. Organizations should also implement policies to rotate encryption passphrases regularly, minimizing the risk of long-term exposure if a passphrase were to be compromised. Implementing such stringent measures is vital for maintaining high-security standards across an organization’s network infrastructure.

Use Diagnostic Tools Like BIG-IP iHealth to Oversee System Configurations and Identify Unencrypted Cookies

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently issued an urgent warning to organizations about the critical need to address security risks associated with unencrypted cookies in F5 BIG-IP Local Traffic Manager (LTM) systems. This alert comes in light of reports that cybercriminals have been exploiting these unencrypted persistent cookies to gain unauthorized access to non-internet-facing devices within networks. Given that F5 BIG-IP is widespread and crucial in managing and securing network traffic, the potential ramifications of such vulnerabilities are substantial.

CISA’s notice highlights that attackers can utilize information from these cookies to identify and map additional network resources, potentially exploiting other connected devices’ vulnerabilities. The agency reiterated that cyber actors could leverage unencrypted persistence cookies to discover and exploit weaknesses in other networked devices. To reduce these risks, CISA advises organizations to configure their BIG-IP LTM systems to encrypt both persistence cookies generated by the system and any cookies sent from servers. Encrypting these cookies will help prevent the exposure of sensitive information in plaintext, thereby better protecting their networks from potential threats.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

ClickLock Malware Coerces macOS Users to Surrender Passwords

Traditional macOS security architectures have long been celebrated for their robust sandboxing and gated execution, yet a new strain of malware is proving that the human element remains the most vulnerable entry point in any digital ecosystem. This threat, known as ClickLock, has emerged as a particularly aggressive evolution in the macOS threat landscape by prioritizing psychological pressure and social

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

How Is OpenAI Redefining AI With Precision Engineering?

The shift from experimental conversationalists to precise engineering tools has fundamentally altered the landscape of digital productivity and high-performance computing in 2026. This transition is marked by a move away from the early excitement surrounding generative models toward a rigorous framework centered on deep optimization and granular control. OpenAI has spearheaded this movement with the introduction of the GPT-5.6 Sol