Bug ID 1043385: No Signature detected If Authorization header is missing padding.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5

Opened: Aug 28, 2021

Severity: 3-Major

Symptoms

If the Authentication scheme value in the Authorization header contains extra/missing padding in base64, then ASM does not detect any attack signatures.

Impact

Attack signature not detected.

Conditions

HTTP request with Authorization header contains base64 value with extra/missing padding.

Workaround

N/A

Fix Information

Base64 values with extra/missing padding has been handled to detect attack signature

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips