Last Modified: May 06, 2023
Known Affected Versions:
Opened: Mar 02, 2023
Severity: 3-Major
When LDAP authentication is used, the shadowExpire and related attributes are not enforced on the F5 device, so expiration set in LDAP has no effect there.
A user whose attributes mark them as expired can still log in to the F5 device.
LDAP authentication is configured. LDAP shadowExpire, shadowMax, and related attributes are set such that the user should be expired.
Either remove the user from groups with roles that allow access to the F5 device (for example, F5OS admin role gidNumber) or delete the user.
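To apply the workaround you first need to know which expired accounts still hold an access-granting group. The following audit sketch is an added example, not F5 code: it assumes the conventional shadow(5) reading of the attributes (day counts since 1970-01-01, -1 meaning unset), and the entries, group name and gidNumber 5000 are constructed placeholders standing in for an export of your directory.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def _days(entry, attr):
    """Return a shadow attribute as an int, or None when absent or -1 (unset)."""
    raw = entry.get(attr)
    return None if raw is None or int(raw) < 0 else int(raw)

def expiry_reason(entry, today):
    """Say why an entry counts as expired under shadow(5) semantics, else None."""
    day = (today - EPOCH).days
    expire = _days(entry, "shadowExpire")
    if expire is not None and day >= expire:
        return "account expired (shadowExpire)"
    last, longest = _days(entry, "shadowLastChange"), _days(entry, "shadowMax")
    if last is not None and longest is not None and last + longest < day:
        return "password aged out (shadowLastChange + shadowMax)"
    return None

def expired_with_access(users, groups, role_gids, today):
    """List (uid, reason) for expired users who still hold a role-granting gidNumber."""
    findings = []
    for user in users:
        reason = expiry_reason(user, today)
        if reason is None:
            continue
        # Primary group plus every posixGroup that lists the user in memberUid.
        gids = {int(user["gidNumber"])}
        gids |= {int(g["gidNumber"]) for g in groups
                 if user["uid"] in g.get("memberUid", [])}
        if gids & role_gids:
            findings.append((user["uid"], reason))
    return findings

# Constructed sample data; 5000 is a placeholder, not a real F5OS role gidNumber.
SAMPLE_TODAY = date(2023, 5, 6)  # day 19483 since the epoch
ROLE_GIDS = {5000}
GROUPS = [{"cn": "f5-admins", "gidNumber": "5000",
           "memberUid": ["alice", "bob", "carol"]}]
USERS = [
    {"uid": "alice", "gidNumber": "1000", "shadowExpire": "19400"},
    {"uid": "bob", "gidNumber": "1000", "shadowExpire": "-1",
     "shadowLastChange": "19300", "shadowMax": "90"},
    {"uid": "carol", "gidNumber": "1000", "shadowExpire": "20000",
     "shadowLastChange": "19450", "shadowMax": "90"},
    {"uid": "dave", "gidNumber": "1000", "shadowExpire": "19000"},
]

if __name__ == "__main__":
    for uid, why in expired_with_access(USERS, GROUPS, ROLE_GIDS, SAMPLE_TODAY):
        print(f"{uid}: {why}; remove from role groups or delete")
```

Each account it reports is a candidate for the workaround above; dave is expired but holds no role group, so he is not listed.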