Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: Jun 24, 2014 Severity: 4-Minor
While updating localdb authentication failure, the auto-populated rule to update localdb variable was faulty hence was not updating correctly.
User may not get locked, when it is supposed to be.
Using wrong username or password while using localdb authentication the login failure count was not getting updated. This will cause user to keep trying even when he/she was suppose to get locked out.
Editing the rule (setup default otherwise) with corrected syntax (use spaces between the tokens) this issue can be fixed. for example "expr{[mcget{session.localdb.login_failures}]+1}" value="Login Failures" can be fixed by changing to: "expr { [mcget {session.localdb.login_failures}]+1}" value="Login Failures"
The auto-populated rule/expression has been corrected.