Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2
Fixed In:
13.0.0, 12.1.2 HF1
Opened: Aug 16, 2016 Severity: 3-Major
If you configure a sensitive parameter with an upper-case character (like "Password"), the data masking does not take place. When the sensitive parameter is all lower-case (like "password"), the data masking takes place as expected.
no data masking for a JSON sensitive parameter
ASM provisioned ASM policy is case-insensitive JSON profile, w/ a sensitive parameter with an upper-case character
N/A
We've made sure that JSON parameters are always treated as case sensitive, regardless of the ASM policy case sensitivity setting.