SOL3456 - RADIUS authentication bypass vulnerability OpenBSD Security Fix #020

ID SOL3456
Type f5
Reporter f5
Modified 2016-07-25T00:00:00


BIG-IP and 3-DNS can be configured to use login_radius for user Command Line Interface (CLI) authentication. When configured in this manner, both products are vulnerable to possible man-in-the-middle attacks that could result in an attacker gaining unauthorized access to the BIG-IP or 3-DNS system. This vulnerability does not affect external RADIUS authentication for the Configuration utility.

Obtaining patches

To obtain patches for BIG-IP and 3-DNS 4.5.0 through 4.5.10, and versions 4.6.0 through 4.6.2, contact F5 Support.