Bug ID 1403797: Extending the username existence check for remote users

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:

Opened: Nov 27, 2023

Severity: 3-Major


The endpoints below, which let admin role users create authentication tokens for the same or other role users, do not check that the supplied username (either in the attribute or in the user link of the supplied payload) exists:

/mgmt/cm/system/authn/providers/tmos/token-generator
/mgmt/shared/authz/tokens


An admin role user can create an authentication token for any non-existing or disabled remote user, which is not expected to happen.


When an admin role user tries to create an authentication token on behalf of the same or other role users through the following endpoints, with a non-existing username supplied:

/mgmt/cm/system/authn/providers/tmos/token-generator
/mgmt/shared/authz/tokens
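The existence check described above, sketched as an added example; this is not F5 code and not part of the original bug report. The payload field names (`userName`, `user.link`), the user link path prefix and the in-memory user directory are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample directory: username -> enabled flag. It stands in for a
# lookup against the remote authentication provider (assumption).
REMOTE_USERS = {"alice": True, "bob": False}

USER_LINK_PREFIX = "/mgmt/shared/authz/users/"  # assumed user link layout


class TokenRequestRejected(ValueError):
    """Raised when a token request names no valid, enabled user."""


def username_from_link(link):
    """Extract the username from a user link; reject anything off-pattern."""
    path = urlparse(link).path
    if not path.startswith(USER_LINK_PREFIX):
        raise TokenRequestRejected("user link does not point at a user resource")
    name = path[len(USER_LINK_PREFIX):]
    if not name or "/" in name:
        raise TokenRequestRejected("malformed user link")
    return name


def resolve_target_user(payload, directory=REMOTE_USERS):
    """Return the validated username a token may be issued for, or raise."""
    candidates = set()
    if payload.get("userName"):           # username given as an attribute
        candidates.add(payload["userName"])
    link = (payload.get("user") or {}).get("link")
    if link:                              # username given through the user link
        candidates.add(username_from_link(link))
    if len(candidates) != 1:
        raise TokenRequestRejected("missing or conflicting username in payload")
    name = candidates.pop()
    if name not in directory:
        raise TokenRequestRejected("user does not exist")
    if not directory[name]:
        raise TokenRequestRejected("user is disabled")
    return name
```

Both places the username can appear are resolved before the lookup, so a request whose attribute and user link disagree is rejected rather than validated against only one of them.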



Fix Information


Behavior Change
