Last Modified: Nov 07, 2022
Known Affected Versions:
13.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168
Opened: Feb 06, 2018 Severity: 3-Major
A false positive "no strong integrity param" is sent when none of the configured data-integrity parameters are present in the request.
A false positive "no strong integrity param" alert is sent.
1. a protected URL has at least one parameter configured with data0integrity check enabled 2. enhanced data manipulation is enabled 3. a request without any of the data-integrity parameters is sent to the protected URL
There is no workaround at this time.
"No strong integrity param" alert should be suppressed in case that none of the data-integrity parameters were sent. In case that forcing all data-integrity parameters was enabled (tmsh modify sys db antifraud.autotransactions.parameternameintegrity value enable) - the alert will be sent.