Bug ID 702222: RADIUS and SecurID Auth fails with empty password

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:

Fixed In:

Opened: Jan 16, 2018

Severity: 3-Major


If password value is empty, the following error message will be logged in /var/log/apm: err apmd[14259]: 014902f0:3: /Common/profile_name:Common:eb69a5gd: RADIUS Agent: Failed to read Password Source session variable:


User may not be authenticated.


This occurs only when following conditions are met: - RADIUS or SecurID auth agent is included in the access policy. - Empty password value is used for authentication.


- Add variable assignment agent before RADIUS/SecurID auth agent in the access policy. - Set 'session.logon.last.password' (or whatever password source is used for authentication) to a random value.

Fix Information

RADIUS/SecurID auth agent allows empty password value for authentication.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips