Bug ID 556092: Password copying in Variable Assign Agent may fail if user decides not to change password

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.1.0, 11.2.0, 11.3.0, 11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
13.0.0

Opened: Nov 04, 2015
Severity: 3-Major

Symptoms

Copying password using "mcget -secure" command in Variable Assignment agent will fail if user decides not to change password when prompted.

Impact

New session variable will not be created by the Variable Assign Agent.

Conditions

The problem happens with these three conditions: 1. AD Query Agent is configured with "Prompt user to change password before expiration"; AND 2. User's password is about to expire and is prompted to change password by AD Query Agent; AND 3. User has chosen not to change password.

Workaround

Moving the Variable Assign Agent before the AD Query Agent.

Fix Information

after fix, password is always stored as secure session variable session.logon.last.password in encrypted form.

Behavior Change