Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

01020036:3: The requested database variable (icontrol.basic_auth) was not found

Bryan_T_
MVP
MVP

I'm trying to mitigate the SOAP vulnerability that just came out here:

https://support.f5.com/csp/article/K94221585

I get the below error. Any ideas?

[root@bigip1:Active:In Sync] config # tmsh modify sys db icontrol.basic_auth value disable
01020036:3: The requested database variable (icontrol.basic_auth) was not found.

Thanks

 

 

3 REPLIES 3

Hi Bryan_T_,

This feature will be available in fixed versions.

To eliminate this vulnerability in the BIG-IP system, after installing a version listed in the Fixes introduced in column, you must disable Basic Authentication for iControl SOAP.


 

Samir
MVP
MVP

Which version of F5 you are running? You can verify the httpd.basic_auth  with these comamnd. 

BASH Mode command
getdb httpd.basic_auth

TMSH Mode command
tmsh list sys db httpd.basic_auth

If these are enabled then take recommended action based on f5

https://support.f5.com/csp/article/K94221585

Thank you

root@(bigip1)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list sys db httpd.basic_auth
sys db httpd.basic_auth {
value "enable"
}
root@(bigip1)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# quit
[root@bigip1:Active:Changes Pending] config # list sys db httpd.basic_auth
-bash: list: command not found
[root@bigip1:Active:Changes Pending] config #