Bug ID 1033837: REST authentication tokens persist on reboot

Last Modified: Jun 12, 2024

Affected Product(s):
BIG-IP Install/Upgrade(all modules)

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5

Opened: Jul 15, 2021

Severity: 4-Minor

Related Article: K23605346

Symptoms

REST authentication tokens persist across reboots. Current best practices require that they be invalidated at boot.

Impact

REST authentication tokens are not invalidated at boot.

Conditions

-- REST authentication token in use -- BIG-IP restarts

Workaround

None

Fix Information

REST authentication tokens are invalidated at boot. Additionally, a new db variable is introduced: httpd.matchclient which is used to validate that the IP address of the creator of the token is the only valid user of that token.

Behavior Change

Existing REST tokens are now invalidated on boot; new tokens will need to be generated after a reboot.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips