Bug ID 456509: iApp-created pool monitor fails if password contains certain characters.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
12.0.0

Opened: Apr 09, 2014
Severity: 4-Minor

Symptoms

Password strings in monitors created by some iapps will not work if they contain one of these 8 characters #|{}'";\ All other characters, including ~!@$%^&*()_+=-[]:`<>?/., may be used in monitor passwords without issue.

Impact

A pool monitor using credentials affected by this bug will report all pool members down.

Conditions

One of the 8 special characters (#|{}'";\) must be used in one of the following iApp fields: (1) f5.radius monitor password and secret, affected since 11.4 (2) f5.ldap monitor password, affected since 11.4 (3) f5.http and related templates, monitor password, affected since 11.5 (only in advanced mode when pool requires credentials) (4) f5.sharepoint_2010_2013, monitor password, all versions (5) f5.vmware_view, AAA monitor password, all versions (6) f5.citrix_vdi, AAA monitor and SmartCard password, all versions (7) f5.microsoft_exchange_2010_2013_cas, AAA and mailbox monitor passwords, all versions (8) f5.microsoft_office_365_idp, AAA password (9) f5.microsoft_remote_desktop_gateway, AAA and pool monitor passwords (10) f5.secure_web_gateway, passphrases (11) f5.scim, AAA password

Workaround

Use passwords that do not contain #|{}'";\

Fix Information

The affected iApps now properly escape special characters when building TMSH configuration commands.

Behavior Change