
hashing passwords/passphrases

ABUZER_TUTUS
Nimbostratus

Hello,

Are there any changes with the hashing of passwords? With BIGIP-14.1.2.6 these are no longer like $M...; each time, newly generated ones with a length of 50 are returned when calling over the REST API (client-ssl, radius server, monitoring etc).

3 REPLIES 3

Satoshi_Toyosa1
F5 Employee

I presume you observed a string like "_e4h9VgHA`JG1MSE@c.e?2lkn>ZG[Wombh[o>67kaC_kV`J" (not exactly 50 characters but close enough). BIG-IP started to experience the issue since 14.1.0, however, I did not see the behavior on 14.1.2 (Final). F5 identified the issue but no fix is provided yet.

Meanwhile, you can use the /mgmt/tm/util/bash endpoint to directly invoke a tmsh command. For example, getting the secret property from RADIUS setting (equivalent to 'tmsh list auth radius-server system_auth_name1 secret') using curl:

# curl -sku $PASS https://$HOST/mgmt/tm/util/bash -X POST -H "Content-Type: application/json" -d '{"command":"run", "utilCmdArgs":"-c \"tmsh list auth radius-server system_auth_name1 secret\""}'
{
  "command": "run",
  "commandResult": "auth radius-server system_auth_name1 {\n secret $M$Ti$Jh/EsK9GLFOp02s5m8kgjg==\n}\n",
  "kind": "tm:util:bash:runstate",
  "utilCmdArgs": "-c \"tmsh list auth radius-server system_auth_name1 secret\""
}

Not elegant, I agree (especially with the quotes with escapes) but it would do the job for you.

 

 

ABUZER_TUTUS
Nimbostratus

Hello,

We currently use a Puppet module to manage the monitor, profile client ssl and radius server resources via the iControl REST API. As a workaround, meanwhile, I now check whether the length of the hashed password is > 40 or, as previously, whether it starts with $M.
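
The two workarounds from this thread combined, as an added example that is not part of the original posts, F5's code or the Puppet module: it builds the util/bash request body with json.dumps instead of hand-escaped quotes, extracts the secret from commandResult, and applies the prefix/length check. The function names and the allowed-character pattern are assumptions; the sample response is the one quoted in the reply above.

```python
import json
import re

# Sample input: the util/bash response body quoted earlier in this thread.
SAMPLE_RESPONSE = r'''{
  "command": "run",
  "commandResult": "auth radius-server system_auth_name1 {\n secret $M$Ti$Jh/EsK9GLFOp02s5m8kgjg==\n}\n",
  "kind": "tm:util:bash:runstate",
  "utilCmdArgs": "-c \"tmsh list auth radius-server system_auth_name1 secret\""
}'''

# Assumption: object names only use these characters. Anything else is
# rejected so a name can never break out of the quoted bash -c argument.
_NAME = re.compile(r"^[A-Za-z0-9_./-]+$")


def build_payload(component, name, prop):
    """JSON body for POST /mgmt/tm/util/bash; json.dumps does the escaping."""
    for part in (*component.split(), name, prop):
        if not _NAME.match(part):
            raise ValueError(f"unsafe tmsh token: {part!r}")
    tmsh = f"tmsh list {component} {name} {prop}"
    return json.dumps({"command": "run", "utilCmdArgs": f'-c "{tmsh}"'})


def extract_property(body, prop="secret"):
    """Return the value of `prop` from a util/bash commandResult, or None."""
    doc = json.loads(body)
    if doc.get("kind") != "tm:util:bash:runstate":
        raise ValueError("not a util/bash response")
    match = re.search(rf"^\s*{re.escape(prop)}\s+(\S+)\s*$",
                      doc.get("commandResult", ""), re.MULTILINE)
    return match.group(1) if match else None


def is_stored_secret(value):
    """The thread's workaround check: '$M' prefix, or the longer string
    (length > 40) that REST returns on the affected versions."""
    return value is not None and (value.startswith("$M") or len(value) > 40)


if __name__ == "__main__":
    secret = extract_property(SAMPLE_RESPONSE)
    # Report only the classification; never write the secret itself to logs.
    print("secret present:", secret is not None,
          "| stored form:", is_stored_secret(secret))
```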

Satoshi_Toyosa1
F5 Employee

The versions affected by this issue are: 14.1.2.6, 14.1.2.5, 14.1.0.1 and 14.1.0. You should be able to fix this by changing to a version not affected, however, unfortunately, the current latest point release for 14.1.2 is 14.1.2.6. 15.1.0.4 might be a good choice. You can also submit a ticket to F5 Support and ask for a hotfix for ID745423 on top of 14.1.2.6.