Bug ID 579565: FIPS (ngfips) card-sync fails due to its lacking ability to properly handle "\" in the SO (security officer) password.

Last Modified: Mar 21, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4

Fixed In:
13.0.0

Opened: Mar 10, 2016
Severity: 3-Major

Symptoms

When setting up SO (security officer) password using "tmsh run util fips-util -f init", it accepts the password containing "\" without showing problems. However, card-sync will fail since it can't properly log on the fips with the password.

Impact

A password containing '\' will fail the card-sync process in FIPS HA setup.

Conditions

FIPS card with a security officer that contains "\"

Workaround

Reset the password using command "tmsh run util fips-util -f init" and avoid the special character '\'.

Fix Information

The fix makes fips (ngfips) able to properly handle "\" in the SO (security officer) password so that card-sync won't fail due to it.

Behavior Change