STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 26 Jan 2018

The ColdFusion Administrator Console must transmit only encrypted representations of passwords.

DISA Rule

SV-76947r1_rule

Vulnerability Number

V-62457

Group Title

SRG-APP-000172-AS-000120

Rule Version

CF11-04-000134

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the documentation for the web server hosting the Administrator Console and set up HTTPS encryption to protect passwords during the authentication process.

Check Contents

Access the Administrator Console through a web browser. Look for indications that the session is using HTTPS: the https prefix on the URL and/or the lock icon, depending on the browser in use.

If HTTPS does not appear to be in use, this is a finding.

Documentable

False

Severity Override Guidance

Access the Administrator Console through a web browser. Look for indications that the session is using HTTPS: the https prefix on the URL and/or the lock icon, depending on the browser in use.

If HTTPS does not appear to be in use, this is a finding.

Check Content Reference

M

Target Key

2661
