Bug ID 684852: Obfuscator not producing deterministic output

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:

Fixed In:

Opened: Sep 21, 2017

Severity: 2-Critical


Proactive defense challenge is not passed.


Proactive defense challenge is not passed; challenge remains on blank page on chassis.


The obfuscator does not produce the same output for the same pair of key and seed. Therefore, on multi-blade devices, or on active-active deployments, when the request to the page (url=/) and the request to the javascript (/TSPD/*?type=10) each go to a different blade or a different device. More frequently, it happens when the page and javascript are loaded from the same blade, but the javascript is stored in the cache. Then another refresh, and the request goes to the second blade. Because the javascript in the cache was received from the first blade, it does not match the page.



Fix Information

Obfuscator now uses common Random object.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips