Bug ID 920197: Brute force mitigation can stop mitigating without a notification

Last Modified: Apr 20, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 16.0.0,, 16.0.1,

Fixed In:
16.1.0,, 15.1.4,, 13.1.5

Opened: Jun 23, 2020
Severity: 2-Critical


A brute force attack coming from an entity (such as an IP address, etc.) may be stopped prematurely.


At some point, an entity might not be mitigated due to the sheer number of mitigated entities. When this occurs, there is no notification.


-- Many brute force attacks are happening at once, coming from many sources. -- Distributed attack is not detected (due to configuration).



Fix Information


Behavior Change