Bug in WAF?

We are protecting our OWA through the UTM's WAF. (UTM is on 9.714-4)

Since a while, it works like expected, until today, where a user comes by and complains about connection issues with his mobile device.

Turns out, the problem seams to be a ">" in in his Password.

Hi's able to login to OWA directly from the the internal network but not from outside via WAF.

When the login fails through WAF the Exchange Logs shows:

An account failed to log on.

Subject:
    Security ID:       SYSTEM
    Account Name:      Mailserver$
    Account Domain:    Domain
    Logon ID:          0x3E7

Logon Type:            8

Account For Which Logon Failed:
    Security ID:       NULL SID
    Account Name:      username
    Account Domain:    domain

Failure Information:
    Failure Reason:    Unknown user name or bad password.
    Status:            0xC000006D
    Sub Status:        0xC000006A

The Firewall log:

2023:02:28-09:51:18 host-1 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="26739" user="-" host="xxx.xxx.xxx.xxx" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="61956" url="/owa/auth/logon.aspx" server="exchange.local" port="443" query="?url=https%3a%2f%2fexchange.local%2fowa%2f&reason=2" referer="">exchange.local/.../logon.aspx cookie="cookieTest=1; logondata=acc=0&lgn=domain\\user; _ga=GA1.1.1705732369.1677573787; _ga_M9BP2QSXKX=GS1.1.1677573786.1.1.1677574145.0.0.0; PrivateComputer=true; PBack=0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_3AhrzZbUm4FR9sBGOLLAAAAHQ"

privacy
[bearbeitet von: husme um 10:33 AM (GMT -8) am 28 Feb 2023]