ID SOL4369 Type f5 Reporter f5 Modified 2013-05-16T00:00:00
Description
BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password.
F5 Product Development tracked this issue as CR45786 and it was fixed in BIG-IP 9.0.5. For information about upgrading, refer to the BIG-IP LTM release notes.
{"modified": "2013-05-16T00:00:00", "id": "SOL4369", "title": "SOL4369 - Configuration utility login vulnerability - CR45786", "published": "2007-05-16T00:00:00", "viewCount": 0, "objectVersion": "1.2", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "lastseen": "2016-05-30T21:02:01", "description": "BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password.\n\nF5 Product Development tracked this issue as CR45786 and it was fixed in BIG-IP 9.0.5. For information about upgrading, refer to the BIG-IP LTM release notes.\n", "href": "http://support.f5.com/kb/en-us/solutions/public/4000/300/sol4369.html", "hash": "83735571cd84c6acbeb21e529ede65dd562c3048b4f27a549af3499e906390eb", "edition": 1, "reporter": "f5", "references": [], "bulletinFamily": "software", "type": "f5", "cvelist": [], "enchantments": {"vulnersScore": 5.0}}
{"result": {"nessus": [{"lastseen": "2017-10-29T13:45:48", "references": ["http://support.f5.com/kb/en-us/solutions/public/4000/300/sol4369.html"], "pluginID": "78202", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "edition": 3, "reporter": "Tenable", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : Configuration utility login vulnerability (SOL4369)", "type": "nessus", "enchantments": {"score": {"modified": "2017-10-29T13:45:48", "vector": "AV:N/AC:L/Au:M/C:N/I:P/A:N/", "value": 3.3}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2016-10-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL4369.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78202", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL4369.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78202);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/10/31 13:56:10 $\");\n\n script_osvdb_id(15714);\n\n script_name(english:\"F5 Networks BIG-IP : Configuration utility login vulnerability (SOL4369)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.f5.com/kb/en-us/solutions/public/4000/300/sol4369.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL4369.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL4369\";\nvmatrix = make_array();\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.2-9.0.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.2\",\"9.3\",\"9.4\",\"9.6\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running the affected module LTM\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "references": [], "description": "## Vulnerability Description\nBIG-IP contains a flaw that may allow a malicious user to bypass authenitication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 9.05 or higher, as it has been reported to fix this vulnerability. In addition, F5 Networks, Inc. has released a patch for some older versions.\n## Short Description\nBIG-IP contains a flaw that may allow a malicious user to bypass authenitication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.\n## References:\nVendor URL: http://www.f5.com/f5products/products/bigip/index.html\nVendor Specific Solution URL: http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html\n[Vendor Specific Advisory URL](http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html)\n[Secunia Advisory ID:14917](https://secuniaresearch.flexerasoftware.com/advisories/14917/)\nISS X-Force ID: 20213\nBugtraq ID: 13240\n", "edition": 1, "reporter": "OSVDB", "published": "2005-04-21T07:14:21", "title": "BIG-IP Configuration Utility Cached Login Credential Authentication Bypass", "type": "osvdb", "enchantments": {"score": {"modified": "2017-04-28T13:20:11", "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/", "value": 3.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP", "version": "9.03", "operator": "eq"}, {"name": "BIG-IP", "version": "9.02", "operator": "eq"}, {"name": "BIG-IP", "version": "9.04", "operator": "eq"}], "cvelist": [], "modified": "2005-04-21T07:14:21", "id": "OSVDB:15714", "href": "https://vulners.com/osvdb/OSVDB:15714", "cvss": {"score": 0.0, "vector": "NONE"}}]}}
