Last Modified: Aug 01, 2024
Affected Product(s):
F5OS F5OS
Known Affected Versions:
F5OS-A 1.4.0
Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.0
Opened: Mar 02, 2023
Severity: 3-Major
When using LDAP authentication, the shadowExpire and related attributes do not enforce expiration on the F5 device.
A user with expired attributes can log in to the F5 device.
LDAP authentication is configured. LDAP shadowExpire, shadowMax, and related attributes are set such that the user should be expired.
Either remove the user from groups with roles that allow access to the F5 device (for example, F5OS admin role gidNumber) or delete the user.
None
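To apply the workaround you first need to know which LDAP users are expired yet still hold a role-granting group. The following audit sketch is an added example, not F5 code; it assumes the usual shadow(5) day-count meaning of the attributes, entries already exported from the directory into dicts with a hypothetical `gids` list, and a placeholder gidNumber of 9000 for the admin role.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def _days(entry, attr):
    """Return an attribute as int days, or None when absent, empty or negative (unset)."""
    raw = entry.get(attr)
    if raw in (None, ""):
        return None
    value = int(raw)
    return value if value >= 0 else None

def expiry_reasons(entry, today):
    """List the reasons this entry should be treated as expired on `today`."""
    now = (today - EPOCH).days  # shadow attributes count days since 1970-01-01
    reasons = []
    expire = _days(entry, "shadowExpire")
    if expire is not None and now >= expire:
        reasons.append("account expired (shadowExpire)")
    last = _days(entry, "shadowLastChange")
    max_age = _days(entry, "shadowMax")
    if last is not None and max_age is not None and now - last > max_age:
        reasons.append("password expired (shadowLastChange + shadowMax)")
    return reasons

def audit(entries, privileged_gids, today):
    """Map uid -> reasons for expired users that still belong to a privileged group."""
    findings = {}
    for entry in entries:
        if not privileged_gids & set(entry.get("gids", [])):
            continue  # no role on the device, nothing to revoke
        reasons = expiry_reasons(entry, today)
        if reasons:
            findings[entry["uid"]] = reasons
    return findings

# Constructed sample data; 9000 is a placeholder, not a real F5OS gidNumber.
SAMPLE = [
    {"uid": "alice", "gids": [9000], "shadowExpire": "19800"},
    {"uid": "bob", "gids": [9000], "shadowExpire": "-1",
     "shadowLastChange": "19900", "shadowMax": "90"},
    {"uid": "carol", "gids": [9000], "shadowLastChange": "19700", "shadowMax": "90"},
    {"uid": "dave", "gids": [100], "shadowExpire": "19000"},
]

if __name__ == "__main__":
    for uid, why in audit(SAMPLE, {9000}, date(2024, 8, 1)).items():
        print(f"{uid}: remove from role groups or delete ({'; '.join(why)})")
```

Users it reports are the ones to remove from the role groups or delete on affected versions.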