Bug ID 527814: Brute force history averages do not decrease when login requests stop

Last Modified: Mar 21, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jun 13, 2015
Severity: 3-Major

Symptoms

The calculation of brute force history averages may be wrong, causing the system to incorrectly detect brute force attacks.

Impact

False positive brute force attack may be detected.

Conditions

If the failed login average increases, decreases, and then increases again, the system might detect a false positive brute force attack.

Workaround

None

Fix Information

Brute force averages are correctly decreased when an a brute force attack is stopped.

Behavior Change