Last Modified: May 19, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Opened: Jul 04, 2024
Severity: 3-Major
When remote authentication is configured with fallback set to true, a login attempt to the BIG-IP with a local user name and an empty password causes the authentication mechanism to fall back to local authentication; if the correct local user password is then supplied, access is granted. This causes security issues.
Unauthorized access is granted to the BIG-IP as a local user even though the authentication mechanism is configured as remote.
1) Configure auth source with fallback true.
2) Configure a remote auth mechanism (in this case, TACACS).
3) Configure a local user that is not present on the TACACS server.
    auth source { fallback true type tacacs }
Configure auth source with fallback false.
    auth source { fallback false type tacacs }
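The following POSIX shell audit helper is an added example, not F5 code, that classifies a unit against this issue from two inputs: the software version string (on a real unit, taken from `tmsh show sys version`) and the output of `tmsh list auth source`, which this page shows in the one-line form `auth source { fallback true type tacacs }`. It assumes that output form (one-line or the usual multi-line layout), copies the affected-version list from the top of this page, and treats any `type` other than `local` as a remote auth source, since the page states the condition for remote auth generally and tested it with TACACS. The sample outputs embedded in it are constructed.

```shell
#!/bin/sh
# Added audit helper, not F5 code. Inputs: the BIG-IP version (on a real
# unit, from `tmsh show sys version`) and the `tmsh list auth source`
# output. The affected-version list is copied from this page.

AFFECTED_VERSIONS="17.1.0 17.1.0.1 17.1.0.2 17.1.0.3 17.1.1 17.1.1.1 17.1.1.2 17.1.1.3 17.1.1.4 17.1.2 17.1.2.1 17.1.2.2"

# Constructed sample standing in for `tmsh list auth source` output on a
# unit configured as in the Conditions above (multi-line tmsh layout).
SAMPLE_WEAK='auth source {
    fallback true
    type tacacs
}'

# The workaround configuration from this page, in its one-line form.
SAMPLE_FIXED='auth source { fallback false type tacacs }'

# auth_source_value KEY OUTPUT: print the token that follows KEY in the
# auth source output. Tokenizing on whitespace makes the one-line and
# multi-line forms parse identically.
auth_source_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# version_affected VERSION: exit status 0 if VERSION is in the known list.
version_affected() {
    for v in $AFFECTED_VERSIONS; do
        [ "$v" = "$1" ] && return 0
    done
    return 1
}

# assess VERSION OUTPUT: print one classification word.
#   VULNERABLE          listed version, remote auth source, fallback true
#   SAFE-FALLBACK-OFF   listed version, remote auth source, fallback not true
#   SAFE-LOCAL-AUTH     auth source is local, so remote fallback does not apply
#   VERSION-NOT-LISTED  version is not in the known affected list on this page
assess() {
    src_type=$(auth_source_value type "$2")
    fallback=$(auth_source_value fallback "$2")
    if ! version_affected "$1"; then
        echo VERSION-NOT-LISTED
    elif [ "$src_type" = "local" ]; then
        echo SAFE-LOCAL-AUTH
    elif [ "$fallback" = "true" ]; then
        echo VULNERABLE
    else
        echo SAFE-FALLBACK-OFF
    fi
}

# Stand-alone run over the constructed samples.
assess 17.1.1 "$SAMPLE_WEAK"
assess 17.1.1 "$SAMPLE_FIXED"
```

On a real unit, feed it the live output, for example `assess "$(tmsh show sys version | awk '/Version/ {print $2; exit}')" "$(tmsh list auth source)"`; the version extraction there is an assumption about the `show sys version` layout, so check it against your unit before relying on it. VERSION-NOT-LISTED means only that the version is absent from this page's list, not that it has been verified as fixed (the Fix Information below is "None").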
None