SecurityTeam US
 
 Monday, February 06 2012 @ 12:28 PM EST

BIG-IP Configuration Utility Login Credentials Caching Vulnerability

   
Web Appliances/Devices

A vulnerability has been reported in BIG-IP, which can be exploited by malicious people to bypass user authentication.

The problem is that login credentials are cached for the Configuration utility and once a user is logged in, the entered password is not checked for subsequent sessions under that username.

Successful exploitation grants access without supplying a valid password.
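
The flaw described above, modelled as an added example (not F5's code and not taken from the advisory): a login path that caches only the fact that a username has authenticated, next to one that verifies the password for every new session, plus a regression check that tells them apart. All class and function names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(users: dict) -> dict:
    """Build a constructed user store: username -> (salt, password hash)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash(password, salt))
    return store

def verify(store: dict, username: str, password: str) -> bool:
    """Compare the supplied password with the stored hash in constant time."""
    if username not in store:
        return False
    salt, expected = store[username]
    return hmac.compare_digest(_hash(password, salt), expected)

class CachingLogin:
    """Flawed pattern: the cache records only that a username logged in."""
    def __init__(self, store):
        self.store = store
        self.cache = set()

    def login(self, username, password):
        if username in self.cache:   # the supplied password is never examined
            return True
        if verify(self.store, username, password):
            self.cache.add(username)
            return True
        return False

class CheckedLogin:
    """Corrected pattern: every new session verifies the supplied password."""
    def __init__(self, store):
        self.store = store

    def login(self, username, password):
        return verify(self.store, username, password)

def regression_check(login_cls) -> bool:
    """Return True if a wrong password is rejected after a valid login."""
    auth = login_cls(make_store({"admin": "correct-horse"}))  # constructed account
    assert auth.login("admin", "correct-horse")
    return not auth.login("admin", "wrong-password")
```

`regression_check` is the kind of test worth keeping in an authentication test suite: it fails for any login path where a prior successful login short-circuits password verification.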

The vulnerability affects versions 9.0.2 through 9.0.4.

OPERATING SYSTEM:
BIG-IP 9.x

SOLUTION:
Update to version 9.0.5 or apply patches.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
F5 Networks:
http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html

VERIFY ADVISORY:
http://secunia.com/advisories/14917/

Secunia Security Advisories

 
