Bug ID 1023993: Brute Force is not blocking requests, even when auth failure happens multiple times

Last Modified: Jun 19, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5

Opened: Jun 08, 2021

Severity: 3-Major

Symptoms

Send traffic with multiple Authorization headers in the request after configuring the brute force. The traffic will not be blocked, when it is supposed to be.

Impact

Brute force is possible with specially crafted requests having multiple Authorization headers and will be able to bypass brute force checks.

Conditions

When there is more than one Authorization header present in the requests.

Workaround

Enable "Illegal repeated header violation" and configure Authorization header repeated occurrence to disallow.

Fix Information

ASM detects the brute force attempt with multiple Authorization headers in the request.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips