Bug ID 527814: Brute force history averages do not decrease when login requests stop

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0

Opened: Jun 13, 2015

Severity: 3-Major

Symptoms

The calculation of brute force history averages may be wrong, causing the system to incorrectly detect brute force attacks.

Impact

False positive brute force attack may be detected.

Conditions

If the failed login average increases, decreases, and then increases again, the system might detect a false positive brute force attack.

Workaround

None

Fix Information

Brute force averages are correctly decreased when an a brute force attack is stopped.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips