Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
13.1.0, 13.1.0.1
Fixed In:
14.0.0, 13.1.0.2
Opened: Sep 21, 2017 Severity: 2-Critical
Proactive defense challenge is not passed.
Proactive defense challenge is not passed; challenge remains on blank page on chassis.
The obfuscator does not produce the same output for the same pair of key and seed. Therefore, on multi-blade devices, or on active-active deployments, when the request to the page (url=/) and the request to the javascript (/TSPD/*?type=10) each go to a different blade or a different device. More frequently, it happens when the page and javascript are loaded from the same blade, but the javascript is stored in the cache. Then another refresh, and the request goes to the second blade. Because the javascript in the cache was received from the first blade, it does not match the page.
None.
Obfuscator now uses common Random object.