Forum Discussion
01020036:3: The requested database variable (icontrol.basic_auth) was not found
I'm trying to mitigate the SOAP vulnerability that just came out here:
https://support.f5.com/csp/article/K94221585
I get the below error. Any ideas?
[root@bigip1:Active:In Sync] config # tmsh modify sys db icontrol.basic_auth value disable
01020036:3: The requested database variable (icontrol.basic_auth) was not found.
Thanks
Hi Bryan_T_,
This feature will be available in fixed versions.
To eliminate this vulnerability in the BIG-IP system, after installing a version listed in the Fixes introduced in column, you must disable Basic Authentication for iControl SOAP.
Which version of F5 you are running? You can verify the httpd.basic_auth with these comamnd.
BASH Mode command getdb httpd.basic_auth TMSH Mode command tmsh list sys db httpd.basic_auth
If these are enabled then take recommended action based on f5
https://support.f5.com/csp/article/K94221585
Thank you
root@(bigip1)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list sys db httpd.basic_auth
sys db httpd.basic_auth {
value "enable"
}
root@(bigip1)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# quit
[root@bigip1:Active:Changes Pending] config # list sys db httpd.basic_auth
-bash: list: command not found
[root@bigip1:Active:Changes Pending] config #
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com