Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.2 HF1, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF6, 11.4.1 HF9
Opened: Sep 25, 2014
Severity: 3-Major
Related Article:
K17017
Create a local user (this also applies to dynamic users) whose name starts with an upper-case letter. When responding to the logon page, the user can enter the name in all lower case, all upper case, or any combination of the two. The user is authenticated; however, each different case combination of the user name creates its own entry in memcache, when there should be only one. As a result, when the user is deleted, all of the other entries remain in memcache.
This issue causes dangling memcache entries that have no accountability.
This issue occurs when the user name is entered in response to the logon page.
This issue has no workaround at this time.
When creating the memcache entry, we now normalize the username to UTF-8 lowercase. This ensures that there is only one entry for all case combinations of a username.
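The behaviour described above, as an added example that is not F5 code: a dict stands in for memcache, and the class name, the `user:` key prefix and the sample user names are assumptions made for illustration. It shows the entries left behind after deletion when keys are built from the typed name, the same run with lowercase UTF-8 keys, and a helper that groups existing keys differing only by case.

```python
# Added illustration: class, key prefix and sample names are assumptions, not F5 code.
from collections import defaultdict


class UserCache:
    """Dict-backed stand-in for memcache, keyed by the name typed at logon."""

    def __init__(self, normalize):
        self.normalize = normalize
        self.store = {}

    def _key(self, username):
        # Fixed behaviour per the page: lowercase the name, then encode as UTF-8.
        name = username.lower() if self.normalize else username
        return b"user:" + name.encode("utf-8")  # hypothetical key prefix

    def on_logon(self, typed_name):
        self.store[self._key(typed_name)] = {"source": typed_name}

    def on_delete(self, account_name):
        # Deletion only knows the account name as it was created.
        self.store.pop(self._key(account_name), None)


def simulate(normalize):
    """Log on with several spellings, delete the accounts, return leftover keys."""
    cache = UserCache(normalize)
    # Constructed sample input: case variants of two accounts, one non-ASCII.
    for typed in ("Alice", "alice", "ALICE", "aLiCe", "\u00dcnal", "\u00fcnal"):
        cache.on_logon(typed)
    for account in ("Alice", "\u00dcnal"):
        cache.on_delete(account)
    return sorted(cache.store)


def case_variant_groups(keys):
    """Audit helper: group keys that differ only by letter case."""
    groups = defaultdict(list)
    for key in keys:
        groups[key.decode("utf-8").lower()].append(key)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    print("before fix:", simulate(False))
    print("after fix: ", simulate(True))
    print("variants:  ", case_variant_groups(simulate(False)))
```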