Last Modified: Oct 06, 2020
See more info
Known Affected Versions:
13.1.0, 22.214.171.124, 126.96.36.199, 188.8.131.52
Opened: Feb 06, 2018
A false positive "no strong integrity param" is sent when none of the configured data-integrity parameters are present in the request.
A false positive "no strong integrity param" alert is sent.
1. a protected URL has at least one parameter configured with data0integrity check enabled 2. enhanced data manipulation is enabled 3. a request without any of the data-integrity parameters is sent to the protected URL
There is no workaround at this time.
"No strong integrity param" alert should be suppressed in case that none of the data-integrity parameters were sent. In case that forcing all data-integrity parameters was enabled (tmsh modify sys db antifraud.autotransactions.parameternameintegrity value enable) - the alert will be sent.