Bug ID 1079721: OWASP 2017 A2 Category - Login enforcement link is broken

Last Modified: Nov 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3

Fixed In:
16.1.3.1

Opened: Feb 09, 2022
Severity: 4-Minor

Symptoms

Under A2 category, Broken Authentication: ‘Login Enforcement: Not fulfilled’ - if you click on the Not fulfilled link you end up with a broken link

Impact

Link is broken, and need to go manually to login enforcement tab in Policy Configuration page

Conditions

1. Go to OWASP page (Security ›› Overview : OWASP Compliance) 2. Collapse Broken Authentication field 3. Click on Login Enforcement protection state link (Fulfilled or Not Fulfilled).

Workaround

Go to the related policy configuration page, click on Session and Logins tab. You will see there the Login Pages section.

Fix Information

None

Behavior Change