On VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the “/var/log/ltm” log file.
BIG-IP ASM 12.0.0 – 12.1.2
BIG-IP ASM 11.6.0 – 11.6.1 HF1
BIG-IP ASM 11.5.1 HF6 – 11.5.4
QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.
An attacker with access to the logged password may be able to cause disruption of service or have other impacts on the HSM partition.