Bug ID 2154057

Bug Tracker
ID 2154057

Bug ID 2154057: MCPD validations not throwing error when snmpv3 password contains more than 77 characters

Last Modified: Dec 05, 2025

Affected Product(s):
BIG-IP Install/Upgrade, TMOS(all modules)

Known Affected Versions:
14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 15.1.10.7, 15.1.10.8, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3

Opened: Nov 21, 2025

Severity: 2-Critical

Symptoms

After upgrading, mcpd goes into a restart loop. /var/log/ltm contains the following: err mcpd[13691]: 0107102b:3: Master Key decrypt failure - decrypt failure - final notice mcpd[13691]: 01071029:5: Master decrypt final notice mcpd[13691]: 01071027:5: Master key OpenSSL error: 4006860532:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:653: notice mcpd[13691]: 01b00001:5: Processed value is empty: class name (usmuser) field name () err mcpd[13691]: 01071684:3: Unable to encrypt application variable (/Common/snmpv3user auth_password usmuser /Common/snmpd).

Impact

- SNMP configuration does not function. - If the device is rebooted or MCPD is restarted, the system will remain INOPERATIVE or MCPD will be in a restart loop.

Conditions

-- SNMPv3 configuration that uses a password containing more than 77 characters -- An upgrade is performed This also occurs within a release by saving the config and then forcing a load from text files (`touch /service/mcpd/forceload && pkill mcpd`) This may also occur with auth-password or privacy-password values that are 78 characters in length or longer

Workaround

If a device is currently in an inoperative state and affected by this issue: - Create a backup copy of /config/bigip_base.conf - Manually edit bigip_base.conf and remove the SNMPv3 users and traps - If the system does not recover automatically, restart MCPD or reboot the device once.

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips