Bug ID 889477: Modern customization does not enforce validation at password changing

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2

Fixed In:
16.0.0, 15.1.0.3

Opened: Mar 12, 2020

Severity: 2-Critical

Symptoms

You can change the password even if there are different values in the fields 'New Password' and 'Confirm Password' or if 'Confirm Password' is empty.

Impact

The system allows the password change, even though the 'New Password' and 'Confirm Password' do not match.

Conditions

-- Access Policy with 'Modern' customization. -- Configure an access policy with 'Logon Page' and 'AD Auth' agents. -- When forced to change passwords, type different values in 'New Password' and 'Confirm Password', or leave 'Confirm Password' empty.

Workaround

None.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips