Bug ID 682671: The username is updated in the alert dashboard even if login validation fails.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Sep 11, 2017

Severity: 3-Major

Symptoms

The username is updated in the alert dashboard even if login validation fails.

Impact

The new username will be updated in previous alerts in the alert dashboard.

Conditions

This occurs when the following conditions are met: -- 'trigger iRule' is enabled on the FPS profile. -- ANTIFRAUD::username <user> command is used in the ANTIFRAUD_LOGIN Tcl event. -- 'login validation' is enabled on the FPS profile.

Workaround

Use the ANTIFRAUD::username <user> command only if ANTIFRAUD::result is SUCCESS. Note: Reports to the risk engine will not contain the new username.

Fix Information

FPS uses the new username but does not set the username cookie. This is correct behavior.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips