Bug ID 620635: Request having upper case JSON login parameter is not detected as a failed login attempt

Last Modified: Mar 21, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Oct 05, 2016
Severity: 3-Major

Symptoms

Not able to detect failed login attempt if ASM policy is case insensitive, and incoming JSON string contains upper case.

Impact

Not able to detect failed login attempt if ASM policy is case insensitive, and incoming JSON string contains upper case.

Conditions

ASM provisioned ASM policy is case-insensitive JSON profile, w/ JSON login parameter with an upper-case character

Workaround

N/A

Fix Information

We've made sure that JSON login parameter are always treated as case sensitive, regardless of the ASM policy case sensitivity setting.

Behavior Change