Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7
Fixed In:
12.1.4
Opened: Jul 24, 2018 Severity: 3-Major
Symptoms:
When a brute force attack is detected and prevented by ASM, ASM continues to prevent login attempts even after the attacking traffic stopped 5 minutes earlier.
ASM does not report that the brute force attack has finished, and login mitigation continues to occur.
Conditions:
- ASM provisioned
- ASM policy attached to a virtual server
- ASM Brute Force protection enabled in the ASM policy
- There is an ongoing brute force attack on the backend server
Workaround:
While the endless brute force attack is ongoing, change an arbitrary field in the brute force configuration and apply the policy. A brute force attack end event is triggered and the system stops brute force prevention; if the attacking traffic is still being sent, a new brute force attack event is raised and the mitigation reoccurs.
Fix:
The brute force end condition check is fixed for the case when only successful logins are sent.
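As an added illustration, not F5 code, the constructed Python model below reproduces the failure mode this record describes: a detector whose end-of-attack check runs only when a failed login arrives never clears mitigation once the attacker stops and only legitimate successful logins follow, while a detector that also evaluates the check on successful logins clears it after the quiet period. The failure threshold, detection window, 5-minute quiet period and `reapply_policy()` (standing in for the workaround above) are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import List

# Assumed model parameters (not F5's real detector settings).
FAIL_THRESHOLD = 5   # failed logins within WINDOW that start mitigation
WINDOW = 60          # seconds
QUIET = 300          # 5 minutes without failures ends the attack


@dataclass
class BruteForceState:
    check_end_on_success: bool          # False reproduces the bug, True the fix
    failures: List[float] = field(default_factory=list)  # failed-login timestamps
    last_failure: float = 0.0
    mitigating: bool = False

    def _maybe_end(self, now: float) -> None:
        # Attack end event: no failed login for QUIET seconds.
        if self.mitigating and now - self.last_failure >= QUIET:
            self.mitigating = False

    def observe(self, now: float, success: bool) -> bool:
        """Feed one login attempt; return True if mitigation applies to it."""
        if success:
            # Buggy variant never re-evaluates the end condition here, so a
            # stream of only successful logins keeps mitigation on forever.
            if self.check_end_on_success:
                self._maybe_end(now)
            return self.mitigating
        self.failures = [t for t in self.failures if now - t < WINDOW] + [now]
        self._maybe_end(now)            # end a stale attack before counting
        self.last_failure = now
        if len(self.failures) >= FAIL_THRESHOLD:
            self.mitigating = True      # attack start event
        return self.mitigating

    def reapply_policy(self) -> None:
        """Model of the workaround: re-applying the policy resets the detector."""
        self.failures.clear()
        self.mitigating = False


def replay(events, fixed: bool) -> List[bool]:
    """Replay (timestamp, success) events; return per-event mitigation flags."""
    state = BruteForceState(check_end_on_success=fixed)
    return [state.observe(t, ok) for t, ok in events]


# Constructed traffic: five failures in 10 s, then only successful logins,
# the last one about 10 minutes after the attacker stopped.
EVENTS = [(t, False) for t in (0, 2, 4, 6, 8)] + [(60, True), (200, True), (610, True)]
```

Running `replay(EVENTS, fixed=False)` keeps mitigating the final login at t=610, whereas `replay(EVENTS, fixed=True)` clears it once the quiet period has elapsed.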