Operational Defect Database


F5 | 1403797

Extending the username existence check for remote users

Last update date:

4/26/2024

Affected products:

BIG-IP

BIG-IP TMOS

Affected releases:

17.1.1

17.1.1.1

17.1.1.2

17.1.1.3

Fixed releases:

No fixed releases provided.

Description:

Bug ID 1403797: Extending the username existence check for remote users

Last Modified: Apr 26, 2024

Severity: 3-Major

Symptoms:

The endpoints below, which let admin-role users create authentication tokens for users of the same or other roles, do not validate the supplied username (whether given in the username attribute or in the user link of the payload) against the user existence check.

/mgmt/cm/system/authn/providers/tmos/token-generator
/mgmt/shared/authz/tokens

Impact:

An admin-role user can create an authentication token for a non-existent or disabled remote user, which is not the expected behavior.

Conditions:

An admin-role user creates an authentication token on behalf of a user of the same or another role through either of the following endpoints, with a non-existent username supplied:

/mgmt/cm/system/authn/providers/tmos/token-generator
/mgmt/shared/authz/tokens


Status

Resolved
