Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Feb 07, 2017 Severity: 3-Major
The system currently offers a variety of key and certificate export functionalities through iControl and GUI. However, there is no way for administrators to disallow exporting of private keys in iControl and GUI.
No way to prevent exporting of private keys.
Using iControl and GUI to export of private keys.
None.
By default, key export is enabled. Now an administrator can disable key export by using the tmsh command below. tmsh modify sys crypto allow-key-export value disabled
There is a new configuration option to disallow exporting of private keys in iControl and GUI. By default key export is enabled. Now an administrator can disable key export by using the following tmsh command: tmsh modify sys crypto allow-key-export value disabled