Last Modified: Jul 12, 2023
Known Affected Versions:
Opened: Feb 06, 2023 Severity: 3-Major
During reinitialization of the FIPS HSM in a BIG-IP tenant, the presence of existing keys is not validated.
When reinitialization is triggered, the existing keys are erased without a warning to the user.
The FIPS HSM in the BIG-IP tenant is already initialized and keys have been created, and then reinitialization is triggered.
Before reinitializing the FIPS HSM in the BIG-IP tenant, make sure the existing keys are deleted. Use the following TMSH command to view the current keys: "show sys crypto fips keys"
When reinitialization of the FIPS HSM in the BIG-IP tenant is triggered, the existing keys are validated and a message is displayed that the keys are available. Delete all the existing keys before reinitialization.