For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ABUZER_TUTUS's avatar
ABUZER_TUTUS
Icon for Nimbostratus rankNimbostratus
Jul 02, 2020

hashing passwords/passphrases

Hello,   are there any changes with the hasing of passwords? With BIGIP-14.1.2.6 these are not anymore like $M..., each time new generated ones with the length of 50 wenn calling over rest api (c...
BIG-IP
iControlREST
security
Satoshi_Toyosa1's avatar
Satoshi_Toyosa1
Ret. Employee
Jul 21, 2020

I presume you observed a string like "_e4h9VgHA`JG1MSE@c.e?2lkn>ZG[Wombh[o>67kaC_kV`J" (not exacly 50 characters but close enough). BIG-IP started to experience the issue since 14.1.0, however, I did not see the behavior on 14.1.2 (Final). F5 identified the issue but no fix is provided yet.

Meanwhile, you can use the /mgmt/tm/util/bash endpoint to directly evoke tmsh command. For example, getting the secret property from RADIUS setting (equivalent to 'tmsh list auth radius-server system_auth_name1 secret') using curl:

# curl -sku $PASS https://$HOST/mgmt/tm/util/bash -X POST -H "Content-Type: application/json" -d '{"command":"run", "utilCmdArgs":"-c \"tmsh list auth radius-server system_auth_name1 secret\""}' 
{
    "command": "run",
    "commandResult": "auth radius-server system_auth_name1 {\n    secret $M$Ti$Jh/EsK9GLFOp02s5m8kgjg==\n}\n",
    "kind": "tm:util:bash:runstate",
    "utilCmdArgs": "-c \"tmsh list auth radius-server system_auth_name1 secret\""
}

Not elegant, I agree (especially with the quotes with escapes) but it would do the job for you.