Bug ID 786709: Upgrade fails if using multiple tokens on CAPTCHA custom response

Last Modified: Oct 16, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 15.0.0, 15.0.1

Opened: May 26, 2019
Severity: 3-Major

Symptoms

An upgrade from a release 12.1.x or earlier fails if a CAPTCHA custom response is configured with multiple CAPTCHA tokens in the response. This is an invalid configuration, but was not prevented on 12.1.x and earlier.

Impact

Upgrade failure.

Conditions

-- Application DoS profile is configured on 12.1.x or earlier. -- Custom CAPTCHA response which includes multiple CAPTCHA tokens. -- Upgrading to 13.0.x or later.

Workaround

Modify the bigip.conf file to remove the additional tokens. 1. In the bigip.conf file, search for the 'captcha-response' sections. 2, Look for multiple %DOSL7.captcha.*% tokens on the same response. 3. Remove the additional tokens. 4. Load the config.

Fix Information

None

Behavior Change