Last Modified: Aug 01, 2024
Affected Product(s):
F5OS Velos
Known Affected Versions:
F5OS-A 1.3.2
Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.2
Opened: Mar 14, 2023 Severity: 3-Major
Changing the Account Locked field on the Edit User page does not lockout a user, nor does the field correctly represent the locked status of a user.
Users are allowed to log in even if the Account Locked status is changed to True and the account is truly locked. Users are unable to log in even if the Account Locked status is changed to False, and the account is truly unlocked.
Using the Account Locked field in the webUI.
To lock or unlock a user, use the CLI to set the user's expiry date to 1 for locked and -1 for unlocked. Following is an example: Locked (config)# system aaa authentication users user <username> config expiry-date 1 (config)# commit Un-locked (config)# system aaa authentication users user <username> config expiry-date -1 (config)# commit
On the webUI the "Account Locked" widget will be replaced by the "Expiry Status" configuration which will allow locking the user in a similar fashion as the CLI.