Bug ID 611151: An upper case JSON sensitive parameter is not masked when ASM policy is case-insensitive

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Aug 16, 2016

Severity: 3-Major

Symptoms

If you configure a sensitive parameter with an upper-case character (like "Password"), the data masking does not take place. When the sensitive parameter is all lower-case (like "password"), the data masking takes place as expected.

Impact

no data masking for a JSON sensitive parameter

Conditions

ASM provisioned ASM policy is case-insensitive JSON profile, w/ a sensitive parameter with an upper-case character

Workaround

N/A

Fix Information

We've made sure that JSON parameters are always treated as case sensitive, regardless of the ASM policy case sensitivity setting.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips