Bug ID 718232: Some FTP servers may cause false positive for ftp_security

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
14.1.0

Opened: May 03, 2018
Severity: 3-Major

Symptoms

A login might get rejected after a lower number of failed logins than is configured for 'Maximum Username Login Retries'. BIG-IP system posts the following error message: 530 Too many failed login attempts by the user.

Impact

A legitimate user might be rejected and have to wait until the configured 'Re-enable login' time.

Conditions

-- The server sends unexpected ingresses that are rejected. -- There is a value specified for 'Maximum Username Login Retries'.

Workaround

There is no workaround at this time.

Fix Information

This release provides an internal param that, when enabled, causes these unknown ingresses from the server to be ignored. Because of the traffic-specific nature of this issue, use of this internal parameter should occur under the direction of F5 Support.

Behavior Change