Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Stefan_Engel's avatar
Stefan_Engel
Icon for Cirrus rankCirrus
Apr 06, 2023

Secure password policy for the BIG-IP enforcement

Hi,  I've made some adjustements to the secure password policy, but I'm still abe to create a new user with a password which doesnt match the requirements.  I noticed that I'm not able to login - w...
password policy
security
Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Apr 11, 2023
I just tested this on v16.1.3.4 and can confirm that it works for me:
(tmos)# list auth password-policy all-properties
auth password-policy {
    description none
    expiration-warning 7
    lockout-duration 0
    max-duration 99999
    max-login-failures 0
    min-duration 0
    minimum-length 12
    password-memory 0
    policy-enforcement enabled
    required-lowercase 1
    required-numeric 1
    required-special 1
    required-uppercase 1
}

(tmos)# create auth user test1 password 1234
There were warnings:
WARNING! Role no-access will lockout the user test1.

01070366:3: Bad password (test1): BAD PASSWORD: it is too short

There was no need to manually enable BigDB key users.strictpasswords" since this gets enabled automatically as soon as you enable the policy-enforcement setting in TMSH (modify auth password-policy policy-enforcement enabled)