Bug ID 900789: Alert before Brute Force Protection (BFP) hash are fully utilized

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 16.0.0, 16.0.0.1

Fixed In:
16.1.0, 16.0.1, 15.1.0.5, 15.0.1.4, 14.1.2.7, 13.1.3.5

Opened: Apr 17, 2020

Severity: 3-Major

Symptoms

Brute Force Protection (BFP) uses a hash table to store counters of failed logins per IP addresses and usernames. There is a separate hash table for each virtual server. When the hash table is fully utilized and new entries need to be added, the LRU entry is being removed without logging a warning.

Impact

No alert is sent when entries are evicted.

Conditions

This can be encountered when Brute Force Protection is enabled and the hash table reaches its maximum capacity.

Workaround

None.

Fix Information

Alert/Warning is now announced in ASM logs, describing the status of the hash table.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips