F5 BIG-IP User Interface Login Credential Caching Vulnerability
BID:13240
Info
F5 BIG-IP User Interface Login Credential Caching Vulnerability
| Bugtraq ID: | 13240 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2005 12:00AM |
| Updated: | Apr 18 2005 12:00AM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
F5 BIG-IP 9.0.4 F5 BIG-IP 9.0.3 F5 BIG-IP 9.0.2 |
| Not Vulnerable: |
F5 BIG-IP 9.0.5 F5 BIG-IP 9.0.1 F5 BIG-IP 9.0 |
Discussion
F5 BIG-IP User Interface Login Credential Caching Vulnerability
A vulnerability is present in the F5 BIG-IP user interface.
This issue exists because the Configuration utility does not check the credentials for additional sessions from a user once they are logged in.
Versions 9.0.2 through to 9.0.4 of BIG-IP are reported vulnerable to this issue.
A vulnerability is present in the F5 BIG-IP user interface.
This issue exists because the Configuration utility does not check the credentials for additional sessions from a user once they are logged in.
Versions 9.0.2 through to 9.0.4 of BIG-IP are reported vulnerable to this issue.
Exploit / POC
F5 BIG-IP User Interface Login Credential Caching Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
F5 BIG-IP User Interface Login Credential Caching Vulnerability
Solution:
The vendor has released fixes for this issue. Customers are directed to the following URI:
http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html
Solution:
The vendor has released fixes for this issue. Customers are directed to the following URI:
http://tech.f5.com/home/bigip-next/solutions/gui/sol4369.html
References
F5 BIG-IP User Interface Login Credential Caching Vulnerability
References:
References:
- BigIP Product Information (F5 Software)