Bug ID 737998: Brute Force end attack condition isn't satisfied for successful logins only

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:

Opened: Jul 24, 2018

Severity: 3-Major


When brute force attack is detected and prevented by asm, asm continue to prevent login attempts even the attacking traffic has stopped 5 minutes ago.


ASM doesn't report that brute force attack is finished and logins mitigation continues to occur.


- ASM provisioned - ASM policy attached to a virtual server - ASM Brute Force protection enabled in the asm policy - There is an ongoing brute force attack on the backend server.


While ongoing endless brute force attack, change an arbitrary field in brute force configuration and apply policy. Brute force attack end event will be triggered and the system will stop brute force prevention, if the attacking traffic still being sent, new brute force attack event will be raised and the mitigation will reoccur.

Fix Information

Fix brute force end condition check for a case when only successful logins are sent.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips