Last Modified: Feb 23, 2023
Affected Product(s):
BIG-IP ASM
Opened: Dec 15, 2022
Severity: 3-Major
In case of a Leaked Credential server error, an internal parameter, cred_stuffing_fail_open, controls whether a Leaked Credentials Violation is raised (the default value is not to raise the violation). Changing the internal parameter value does not trigger the violation.
Leaked Credential violation is not raised.
- ASM is provisioned.
- WAF Policy is attached to virtual server with Credential Stuffing enabled.
- Internal Parameter cred_stuffing_fail_open is set to 0.
- A server error (or timeout) occurred during leaked credential check.
None
None