Bug ID 977681: Incorrect error message when changing password using passwd

Last Modified: Nov 02, 2023

Affected Product(s):
BIG-IP AFM, APM, ASM, AVR, BIG-IQ, DNS, GTM, LTM, PEM, SSLO, TMOS, vCMP(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1

Opened: Dec 31, 2020

Severity: 4-Minor

Symptoms

When using the 'passwd' utility from the command line to change a user password, the error message on why the new password is not accepted is wrong. Instead of the actual reason why the new password is not accepted, the following message is printed: "passwd.bin: Have exhausted maximum number of retries for service"

Impact

The real reason why the new password is not accepted is masked by the default error message: "passwd.bin: Have exhausted maximum number of retries for service"

Conditions

- Using the 'passwd' utility from the command line to change a user password. - The new password is not accepted according to the configured tmsh auth password-policy.

Workaround

Instead of using the command line 'passwd' utility, change the user password using tmsh. With tmsh, the real reason why a new password is not accepted is printed accurately: root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify auth password root changing password for root new password: default confirm password: default 01070366:3: Bad password (root): BAD PASSWORD: it is too simplistic/systematic Or, when using the 'passwd' utility from the command line, it's still possible to find the actual reason why the new password isn't accepted in the /var/log/ltm log file.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips