A vulnerability has been reported in BIG-IP, which can be exploited by malicious people to bypass user authentication.
The problem is that login credentials for the Configuration utility are cached. Once a user has logged in, the entered password is not checked for subsequent sessions under that username.
Successful exploitation grants access without supplying a valid password.
The vulnerability affects versions 9.0.2 through 9.0.4.
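The flaw class described above, as an added illustration that is not F5 code and makes no claim about how BIG-IP implements its cache: a login routine that remembers a username after one valid login, next to one that verifies the password for every session, with a regression check that tells them apart. All class names, function names and credentials are constructed for this example.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(accounts):
    """Build a constructed account store: username -> (salt, password hash)."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store

def verify(store, user, password):
    if user not in store:
        return False
    salt, expected = store[user]
    return hmac.compare_digest(_hash(password, salt), expected)

class FlawedLogin:
    """Remembers a username after one valid login and skips the check afterwards."""
    def __init__(self, store):
        self.store, self.cached_users = store, set()

    def login(self, user, password):
        if user in self.cached_users:  # flaw: submitted password is never examined
            return True
        if verify(self.store, user, password):
            self.cached_users.add(user)
            return True
        return False

class CheckedLogin:
    """Verifies the submitted password for every new session."""
    def __init__(self, store):
        self.store = store

    def login(self, user, password):
        return verify(self.store, user, password)

def later_session_accepts_wrong_password(impl, user, good, bad):
    """Regression check: a valid login, then a new session with a bad password."""
    assert impl.login(user, good), "valid credentials must be accepted"
    return impl.login(user, bad)

if __name__ == "__main__":
    store = make_store({"admin": "correct-horse"})  # constructed credentials
    print(later_session_accepts_wrong_password(FlawedLogin(store), "admin", "correct-horse", "x"))
    print(later_session_accepts_wrong_password(CheckedLogin(store), "admin", "correct-horse", "x"))
```

A check shaped like later_session_accepts_wrong_password belongs in the authentication test suite of any component that caches login state, so that a cache keyed on the username alone fails the build.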
OPERATING SYSTEM:
BIG-IP 9.x
SOLUTION:
Update to version 9.0.5 or apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
F5 Networks:
http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html
VERIFY ADVISORY:
http://secunia.com/advisories/14917/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050426092547214