Bug ID 1538173: Bados TLS fingerprints work incorrectly with Chrome's new versions

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.1.2, 16.1.5

Opened: Feb 15, 2024

Severity: 3-Major

Symptoms

Requests from the same Chrome browser, sent over different connections, can have different TLS fingerprints.

Impact

The same user will be identified and examined as different users.

Conditions

Behavioral L7 DOS is configured, and BAD actors behavior detection is configured with the "Use TLS patterns as part of host identification" option. Some good clients or attackers use new versions of Chrome.

Workaround

Don't use the "TLS patterns as part of host identification" option.

Fix Information

The requests from the same Chrome browser have different TLS fingerprints

Behavior Change
