Bug ID 702222: RADIUS and SecurID Auth fails with empty password

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3

Fixed In:
14.0.0, 13.1.0.4

Opened: Jan 16, 2018
Severity: 3-Major

Symptoms

If password value is empty, the following error message will be logged in /var/log/apm: err apmd[14259]: 014902f0:3: /Common/profile_name:Common:eb69a5gd: RADIUS Agent: Failed to read Password Source session variable:

Impact

User may not be authenticated.

Conditions

This occurs only when following conditions are met: - RADIUS or SecurID auth agent is included in the access policy. - Empty password value is used for authentication.

Workaround

- Add variable assignment agent before RADIUS/SecurID auth agent in the access policy. - Set 'session.logon.last.password' (or whatever password source is used for authentication) to a random value.

Fix Information

RADIUS/SecurID auth agent allows empty password value for authentication.

Behavior Change