Bug ID 1315065: RSA-1024 SSH public keys should not be allowed in FIPS mode

Last Modified: Aug 01, 2024

Affected Product(s):
F5OS None(all modules)

Fixed In:
F5OS-C 1.6.0, F5OS-A 1.7.0, F5OS-A 1.5.2, F5OS-A 1.5.1

Opened: Jun 29, 2023

Severity: 1-Blocking

Symptoms

When logging into an F5OS or BIG-IP system that is in FIPS mode, RSA-1024 SSH public keys should not be allowed to make the connection. Users should instead be prompted for a password.

Impact

The user is allowed to authenticate with the key, which should not be allowed.

Conditions

User creates a RSA-1024 SSH public key and uses it to connect to the system, while the system is in FIPS mode.

Workaround

N/A

Fix Information

Users cannot authenticate with a RSA-1024 SSH public key while the system is in FIPS mode.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips