SOL4369 - Configuration utility login vulnerability - CR45786

2007-05-16T00:00:00
ID SOL4369
Type f5
Reporter f5
Modified 2013-05-16T00:00:00

Description

BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password.

F5 Product Development tracked this issue as CR45786 and it was fixed in BIG-IP 9.0.5. For information about upgrading, refer to the BIG-IP LTM release notes.