Bug ID 889477: Modern customization does not enforce validation at password changing

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2

Fixed In:
16.0.0, 15.1.0.3

Opened: Mar 12, 2020
Severity: 2-Critical

Symptoms

You can change the password even if there are different values in the fields 'New Password' and 'Confirm Password' or if 'Confirm Password' is empty.

Impact

The system allows the password change, even though the 'New Password' and 'Confirm Password' do not match.

Conditions

-- Access Policy with 'Modern' customization. -- Configure an access policy with 'Logon Page' and 'AD Auth' agents. -- When forced to change passwords, type different values in 'New Password' and 'Confirm Password', or leave 'Confirm Password' empty.

Workaround

None.

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks