Last Modified: Nov 07, 2022
Affected Product:
BIG-IP ASM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3
Fixed In:
13.1.3.4
Opened: Nov 06, 2019
Severity: 3-Major
ASM end users are required to type CAPTCHA letters twice to get the login request to be forwarded to the server. In addition, the original login request is not sent to the server, which results in failed logins.
False-positive bad logins.
-- ASM provisioned.
-- ASM policy attached to a virtual server.
-- Brute force enabled in the ASM policy.
-- Brute force issues CAPTCHA mitigation.
Remove sensitive parameters from the ASM policy. Impact of workaround: This results in sensitive parameters being revealed in the ASM event logs.
CAPTCHA mechanism now works correctly along with sensitive parameters.