Last Modified: Jul 09, 2024
Affected Product(s):
F5OS Velos
Known Affected Versions:
F5OS-A 1.1.1, F5OS-C 1.5.0, F5OS-C 1.5.1
Fixed In:
F5OS-C 1.6.0, F5OS-A 1.4.0, F5OS-A 1.3.0
Opened: Jul 28, 2022 Severity: 2-Critical
When using the CLI or older webUI, it was possible to enter an "empty" password. This would cause nslcd to be incorrectly configured.
A blank password was highly unlikely to be the intended result and would fail to work correctly when configuring authentication or talking to the LDAP server.
LDAP configured. Blank LDAP bind password entered: system aaa authentication ldap bindpw ""
Explicitly set the bind password to unset: no system aaa authentication ldap bindpw
Fixed authentication so any form of "empty" password results in the password being unset.