Bug ID 481203: User name case sensitivity issue

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF6, 11.4.1 HF9

Opened: Sep 25, 2014
Severity: 3-Major
Related AskF5 Article:
K17017

Symptoms

Create a local user (for dynamic user too) starting with upper case. When responding to logon page, user can enter all lower case or upper case or any combination of the same. User gets authenticated, however, for all different combinations of user names, it creates an entry in memcache. Actually there should be only one. So when the user gets deleted, all other entries remains in memcache.

Impact

This issue causes dangling memcache entries which does not have accountability.

Conditions

This issue occurs While entering user name during logon page response.

Workaround

This issue has no workaround at this time.

Fix Information

While creating memcache entry, we now normalize the username into utf8 lowerecase. This makes sure, there is only one entry for all combination of usernames.

Behavior Change