Bug ID 452753: Edge client on windows will logon user automatically during next attempt in some cases

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.6.0, 11.4.1 HF6

Opened: Mar 18, 2014
Severity: 3-Major
Related AskF5 Article:
K76844230

Symptoms

In some advanced authentication scenarios, users are not asked for credentials on trying to connect again even if they explicitly disconnected the VPN previously.

Impact

Might have security implications if user's desktop is accessed by an attacker.

Conditions

Access policy authenticates the user using an external identity provider (IdP). User disconnects VPN after successful authentication

Workaround

Quit Edge client after disconnecting.

Fix Information

Now Edge Client cleans up cookies for all intermediate hosts visited during connect.

Behavior Change