Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3
Fixed In:
14.0.0, 13.1.0.4
Opened: Jan 16, 2018 Severity: 3-Major
If password value is empty, the following error message will be logged in /var/log/apm: err apmd[14259]: 014902f0:3: /Common/profile_name:Common:eb69a5gd: RADIUS Agent: Failed to read Password Source session variable:
User may not be authenticated.
This occurs only when following conditions are met: - RADIUS or SecurID auth agent is included in the access policy. - Empty password value is used for authentication.
- Add variable assignment agent before RADIUS/SecurID auth agent in the access policy. - Set 'session.logon.last.password' (or whatever password source is used for authentication) to a random value.
RADIUS/SecurID auth agent allows empty password value for authentication.