Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5
Opened: Jul 15, 2021 Severity: 4-Minor Related Article:
K23605346
REST authentication tokens persist across reboots. Current best practices require that they be invalidated at boot.
REST authentication tokens are not invalidated at boot.
-- REST authentication token in use -- BIG-IP restarts
None
REST authentication tokens are invalidated at boot. Additionally, a new db variable is introduced: httpd.matchclient which is used to validate that the IP address of the creator of the token is the only valid user of that token.
Existing REST tokens are now invalidated on boot; new tokens will need to be generated after a reboot.