Bug ID 775797: Previously deleted user account might get authenticated

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,

Opened: Apr 23, 2019
Severity: 3-Major


A user account which may have originally been manually configured as a local user (auth user) but may have since been removed, might still get authenticated and be able to modify the BIG-IP configuration.


The deleted user that no longer exists in the local user list and which is also not explicitly authorized by remote role groups, can get authenticated. The deleted user is also able to modify the BIG-IP configuration via iControl.


-- User account configured as local user. -- The user account is deleted later. (Note: The exact steps to produce this issue are not yet known).



Fix Information


Behavior Change