Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3
Fixed In:
13.1.3.4
Opened: Nov 06, 2019
Severity: 3-Major
Symptoms:
ASM end users are required to type the CAPTCHA letters twice before the login request is forwarded to the server. In addition, the original login request is not sent to the server, which results in failed logins.
Impact:
False-positive bad logins.
Conditions:
-- ASM provisioned.
-- ASM policy attached to a virtual server.
-- Brute force enabled in the ASM policy.
-- Brute force issues CAPTCHA mitigation.
Workaround:
Remove sensitive parameters from the ASM policy.
Impact of workaround: This results in sensitive parameters being revealed in the ASM event logs.
Fix Information:
The CAPTCHA mechanism now works correctly along with sensitive parameters.