CVE-2020-5890

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 12.1.0 through 12.1.5.1 F5 BIG-IP versions 13.1.0 through 13.1.3.3 F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.0.1 F5 BIG-IQ versions 5.2.0 through 7.1.0

Description The issue concerns the creation of a QKView on affected F5 BIG-IP and BIG-IQ versions. When creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.

Recommendations For F5 BIG-IP versions 12.1.0 through 12.1.5.1, consider disabling the QKView creation feature until a patch is available. For F5 BIG-IP versions 13.1.0 through 13.1.3.3, consider disabling the QKView creation feature until a patch is available. For F5 BIG-IP versions 14.1.0 through 14.1.2.3, consider disabling the QKView creation feature until a patch is available. For F5 BIG-IP versions 15.0.0 through 15.0.1, consider disabling the QKView creation feature until a patch is available. For F5 BIG-IQ versions 5.2.0 through 7.1.0, consider disabling the QKView creation feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.