Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP AFM, APM, ASM, AVR, BIG-IQ, DNS, GTM, LTM, PEM, SSLO, TMOS, vCMP
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2
Opened: Dec 31, 2020
Severity: 4-Minor
When using the 'passwd' utility from the command line to change a user password, the error message explaining why the new password is not accepted is wrong. Instead of the actual reason, the following message is printed: "passwd.bin: Have exhausted maximum number of retries for service"
The real reason why the new password is not accepted is masked by the default error message: "passwd.bin: Have exhausted maximum number of retries for service"
- Using the 'passwd' utility from the command line to change a user password.
- The new password is not accepted according to the configured tmsh auth password-policy.
Instead of using the command line 'passwd' utility, change the user password using tmsh. With tmsh, the real reason why a new password is not accepted is printed accurately:

root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify auth password root
changing password for root
new password: default
confirm password: default
01070366:3: Bad password (root): BAD PASSWORD: it is too simplistic/systematic

Or, when using the 'passwd' utility from the command line, it's still possible to find the actual reason why the new password isn't accepted in the /var/log/ltm log file.
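For the /var/log/ltm route, the following added example (not F5's code) pulls the most recent rejection reason for one user out of the log. It assumes the log records the same "01070366:3: Bad password (<user>): <reason>" message that tmsh prints above; the function name last_pw_rejection and the sample log lines are constructed for illustration.

```shell
# Added example: report why the password policy rejected a change for a user.
# Assumption: /var/log/ltm carries the same 01070366 message that tmsh prints;
# the syslog prefix (timestamp, host, process) in the sample below is constructed.

# last_pw_rejection USER [LOGFILE]
# Prints the reason from the most recent rejection for USER.
# Returns 1 when the log holds no rejection for that user.
last_pw_rejection() {
    user=$1
    log=${2:-/var/log/ltm}
    awk -v u="$user" '
        BEGIN { marker = "01070366:3: Bad password (" u "): " }
        {
            # index() does a literal match, so the user name is never
            # interpreted as a regular expression.
            pos = index($0, marker)
            if (pos > 0) {
                reason = substr($0, pos + length(marker))
                found = 1
            }
        }
        END {
            if (!found) exit 1
            print reason
        }
    ' "$log"
}

# Constructed sample log so the example runs off-box.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Dec 31 10:14:02 bigip err mcpd[5021]: 01070366:3: Bad password (admin): BAD PASSWORD: it is too short
Dec 31 10:15:40 bigip info sshd[7310]: constructed unrelated line
Dec 31 10:16:11 bigip err mcpd[5021]: 01070366:3: Bad password (root): BAD PASSWORD: it is too simplistic/systematic
EOF

last_pw_rejection root "$sample_log"
```

On a BIG-IP system, call the function with only the user name to read /var/log/ltm directly.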
None