Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0
Opened: Apr 09, 2014 Severity: 4-Minor
Password strings in monitors created by some iapps will not work if they contain one of these 8 characters #|{}'";\ All other characters, including ~!@$%^&*()_+=-[]:`<>?/., may be used in monitor passwords without issue.
A pool monitor using credentials affected by this bug will report all pool members down.
One of the 8 special characters (#|{}'";\) must be used in one of the following iApp fields: (1) f5.radius monitor password and secret, affected since 11.4 (2) f5.ldap monitor password, affected since 11.4 (3) f5.http and related templates, monitor password, affected since 11.5 (only in advanced mode when pool requires credentials) (4) f5.sharepoint_2010_2013, monitor password, all versions (5) f5.vmware_view, AAA monitor password, all versions (6) f5.citrix_vdi, AAA monitor and SmartCard password, all versions (7) f5.microsoft_exchange_2010_2013_cas, AAA and mailbox monitor passwords, all versions (8) f5.microsoft_office_365_idp, AAA password (9) f5.microsoft_remote_desktop_gateway, AAA and pool monitor passwords (10) f5.secure_web_gateway, passphrases (11) f5.scim, AAA password
Use passwords that do not contain #|{}'";\
The affected iApps now properly escape special characters when building TMSH configuration commands.