Last Modified: May 29, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
13.0.1, 13.0.0, 12.1.5.2, 12.1.5.1, 12.1.5, 12.1.4.1, 12.1.4, 12.1.3.7, 12.1.3.6, 12.1.3.5, 12.1.3.4, 12.1.3.3, 12.1.3.2, 12.1.3.1, 12.1.3
Opened: Mar 21, 2018 Severity: 3-Major Related Article:
K25280801
Newly created admin users are immediately demoted to guest.
In a few seconds, the newly created admin user account reverts to a guest role. User does not have the expected admin access.
-- A sync-failover device group exists. -- The REST framework's 'gossip' mechanism is configured. -- Create a new admin user using a command similar to the following examples: tmsh ----- tmsh create auth user test123 password **** partition-access add { all-partitions { role admin } } GUI ----- via WebUI System menu :: Users User Name: test123 Password: **** Confirm: **** Role: Administrator Partition: All Click Finish button Note: Correct REST framework 'gossip' mechanism configuration should occur automatically, but might not be ready. You can confirm whether this is the case by running the following command: restcurl shared/resolver/device-groups/tm-shared-all-big-ips/devices. The output must show all your devices, and show that they all have the same 'version' and the same 'restFrameworkVersion'.
On the primary BIG-IP system, do the following: 1. Disable failover by running the following command: restcurl -X PATCH tm/shared/bigip-failover-state -d '{"isEnabled": false}' 2. Clear REST devices from the device group by running the following command: restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices
None