Last Modified: Dec 22, 2022
Affected Product:
See more info
BIG-IP ASM
Opened: Dec 15, 2022
Severity: 4-Minor
In case of Leaked Credential server error, there is an internal parameter to raise Leaked Credentials Violation: cred_stuffing_fail_open (default value is not to raise violation) Changing the internal parameter value does not trigger the violation.
Leaked Credential violation is not raised.
- ASM is provisioned. - WAF Policy is attached to virtual server with Credential Stuffing enabled. - Internal Parameter cred_stuffing_fail_open is set to 0. - A server error (or timeout) occurred during leaked credential check.
None
None