Bug ID 559975: Changing the username or password used for HTTP monitor basic auth may break HTTP basic auth

Last Modified: Dec 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP GTM(all modules)

Known Affected Versions:
10.2.4, 11.2.1, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1, 11.5.4 HF2

Opened: Nov 25, 2015
Severity: 3-Major

Symptoms

HTTP basic authentication uses a base64 encoded string. When an HTTP monitor username or password is changed, the b64 string is regenerated and may become malformed.

Impact

An HTTP monitor may show its resource as unavailable after changing the username or password.

Conditions

When an http monitor username or password is changed, e.g. shortened, then the HTTP basic auth string may be mangled.

Workaround

Restart big3d, or delete then recreate the monitor instead of modifying the existing monitor.

Fix Information

HTTP monitors will now correctly handle a username or password change.

Behavior Change