Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP GTM
Known Affected Versions:
10.2.4, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.2.1, 11.4.1, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1, 11.5.4 HF2
Opened: Nov 25, 2015 Severity: 3-Major
HTTP basic authentication uses a base64 encoded string. When an HTTP monitor username or password is changed, the b64 string is regenerated and may become malformed.
An HTTP monitor may show its resource as unavailable after changing the username or password.
When an http monitor username or password is changed, e.g. shortened, then the HTTP basic auth string may be mangled.
Restart big3d, or delete then recreate the monitor instead of modifying the existing monitor.
HTTP monitors will now correctly handle a username or password change.