Last Modified: Oct 08, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3
Fixed In:
F5OS-C 1.6.0
Opened: May 22, 2023 Severity: 2-Critical
When an admin-role user sets another user's password using set-password, the user was not always forced to change their password on first login with the new credentials. Modern security standards all require that users establish their own credentials.
Credentials are not always required to be set upon initial access.
If a user set their own initial password, and an admin-role user later changed it to some other value, the user was not always forced to reset it on first use.
None
The 'set-password' command now always resets the password last-change time to zero, which forces a password change on next login.