Symptoms

In case of Leaked Credential server error, there is an internal parameter to raise Leaked Credentials Violation: cred_stuffing_fail_open (default value is not to raise violation) Changing the internal parameter value does not trigger the violation.

Impact

Leaked Credential violation is not raised.

Conditions

- ASM is provisioned. - WAF Policy is attached to virtual server with Credential Stuffing enabled. - Internal Parameter cred_stuffing_fail_open is set to 0. - A server error (or timeout) occurred during leaked credential check.

Workaround

None

Fix Information

None

Behavior Change