Bug ID 620635: Request having upper case JSON login parameter is not detected as a failed login attempt

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Oct 05, 2016

Severity: 3-Major

Symptoms

Not able to detect failed login attempt if ASM policy is case insensitive, and incoming JSON string contains upper case.

Impact

Not able to detect failed login attempt if ASM policy is case insensitive, and incoming JSON string contains upper case.

Conditions

ASM provisioned ASM policy is case-insensitive JSON profile, w/ JSON login parameter with an upper-case character

Workaround

N/A

Fix Information

We've made sure that JSON login parameter are always treated as case sensitive, regardless of the ASM policy case sensitivity setting.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips