Bug ID 629803: "HTTP 401 Response" agent reuses incorrect credentials

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Nov 22, 2016

Severity: 3-Major

Related Article: K53523923

Symptoms

In case of invalid credentials, user gets prompted to log on a fewer number of times than the 'Max Logon Attempts Allowed' count defined in Auth Agent.

Impact

User won't get same number of logon attempts as defined in Auth Agent.

Conditions

The issue only occurs when the 'HTTP 401 Response' agent is used before authentication agent in access policies.

Workaround

In Auth Agent, set ,Max Logon Attempts Allowed' to 5 in order to get 3 logon attempts.

Fix Information

User now gets the configured number of logon attempts as defined in Auth Agent in case of invalid credentials.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips