Bug ID 889477: Modern customization does not enforce validation at password changing

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2

Fixed In:
16.0.0, 15.1.0.3

Opened: Mar 12, 2020
Severity: 2-Critical

Symptoms

You can change the password even if there are different values in the fields 'New Password' and 'Confirm Password' or if 'Confirm Password' is empty.

Impact

The system allows the password change, even though the 'New Password' and 'Confirm Password' do not match.

Conditions

-- Access Policy with 'Modern' customization. -- Configure an access policy with 'Logon Page' and 'AD Auth' agents. -- When forced to change passwords, type different values in 'New Password' and 'Confirm Password', or leave 'Confirm Password' empty.

Workaround

None.

Fix Information

None

Behavior Change