Bug ID 619706: tmsh appears to allow password change for internal lcd admin user

Last Modified: Dec 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
13.0.0

Opened: Sep 29, 2016
Severity: 4-Minor

Symptoms

The 'tmsh modify auth password' command appears to allow the password to be changed for the f5hubblelcdadmin user.

Impact

This operation appears to succeed, but has no actual effect on BIG-IP operations. This is an internal user account which provides the context for communication with the lcd front panel display on newer BIG-IP appliances. Changing the stored password for this user account does not affect these operations.

Conditions

Using the 'modify auth password' command under tmsh, and manually specifying the 'f5hubblelcdadmin' user (which does not appear among the list of available users, such as via tab-completion).

Workaround

None

Fix Information

Removed the appearance of the ability to change the password for the internal lcd admin user.

Behavior Change