Operational Defect Database
BugZero found this defect 1966 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 739820
Validation does not reject IPv6 address for TACACS auth configuration
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP All
Affected releases:
11.5.0
11.5.1
11.5.2
11.5.3
11.5.4
11.5.5
11.5.6
11.5.7
11.5.8
11.5.9
11.5.10
11.6.0
Fixed releases:
No fixed releases provided.
Description:
Severity: 3-Major ... Symptoms ... TACACS authentication does not support IPv6 address for the authentication server, but both GUI and TMSH allow IPv6 addresses to be configured for TACACS. ... Such configurations may result in failed logins with messages in /var/log/secure like Aug 8 10:47:39 gtm-13108-174 err httpd[5948]: pam_tacplus: skip invalid server: 2001::1001:1001 (invalid port: no digits) ... Impact ... Remote authentication will fail unless a second server is configured with IPv4 address. ... Conditions ... Use the GUI or TMSH to create or modify a TACACS server
