BIG-IP Configuration Utility Cached Login Credential Authentication Bypass

2005-04-21T07:14:21
ID OSVDB:15714
Type osvdb
Reporter OSVDB
Modified 2005-04-21T07:14:21

Description

Vulnerability Description

BIG-IP contains a flaw that may allow a malicious user to bypass authentication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access, resulting in a loss of integrity.

Solution Description

Upgrade to version 9.05 or higher, as it has been reported to fix this vulnerability. In addition, F5 Networks, Inc. has released a patch for some older versions.

Short Description

BIG-IP contains a flaw that may allow a malicious user to bypass authentication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access, resulting in a loss of integrity.

References:

Vendor URL: http://www.f5.com/f5products/products/bigip/index.html
Vendor Specific Solution URL: http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html
Vendor Specific Advisory URL:
Secunia Advisory ID: 14917
ISS X-Force ID: 20213
Bugtraq ID: 13240