Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Mar 10, 2016 Severity: 3-Major
When setting up SO (security officer) password using "tmsh run util fips-util -f init", it accepts the password containing "\" without showing problems. However, card-sync will fail since it can't properly log on the fips with the password.
A password containing '\' will fail the card-sync process in FIPS high availability (HA) setup.
FIPS card with a security officer that contains "\"
Reset the password using command "tmsh run util fips-util -f init" and avoid the special character '\'.
The fix makes fips (ngfips) able to properly handle "\" in the SO (security officer) password so that card-sync won't fail due to it.