January 15, 2014

CF Admin Login Security: Form Autocomplete Password?


A security vulnerability exists within the CF administrator log in page (/CFIDE/administrator/login.cfm) HTML form. Does anyone know how to apply a solution or work-around?

Web site security scanning reports the CF administrator log in page uses <input> password field autocomplete=on (default). The solution is to edit the web page form, appending the attribute "autocomplete=off". But since the entire CFIDE directory uses ColdFusion's encryption, the page is not editable.

A week ago (1/8/14), at Adobe's telephone customer support direction, I submitted a request for help to Adobe's support site (bugbase.adobe.com).  Requests to this site go into the ether ("not externally visible"). No response whatever has been provided. 

The basic fix is for Adobe to send or provide an updated web page.  Problem is a site security issue.


Carl Von Stetten
Legend
January 15, 2014

I think bugs related to security are automatically "hidden" for security reasons.  Other (non-security) bugs result in notification emails whenever their status changes or comments are added.  You may have to get back in touch with Adobe phone support to find out how you can track the status.

-Carl V.

January 15, 2014

Viewing page source (View|Source - IE) shows the <input> password field uses attribute "autocomplete=false". "false" does work for me to disable automatic fill in. However, the security scan must be looking for the correct HTML syntax "autocomplete=off" (http://www.w3.org/wiki/HTML/Elements/input/password).

Adobe telephone customer support said I would get a response by email or telephone after submitting the "bugbase" request. No response has ever come. As a customer, and for my customer, even an automated email from Adobe would be appreciated.
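
The check the scanner in this thread appears to perform, as an added example that is not part of the original posts and is not Adobe's or the scanner vendor's code. It assumes only the "off" token passes; the class name, sample markup and field names are constructed for illustration.

```python
from html.parser import HTMLParser

class PasswordAutocompleteAudit(HTMLParser):
    """Flag every <input type=password> whose effective autocomplete is not 'off'."""

    def __init__(self):
        super().__init__()
        self.form_value = None  # autocomplete set on the enclosing <form>, if any
        self.findings = []      # (field name, source line, reason)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_value = a.get("autocomplete")
        elif tag == "input" and a.get("type") == "password":
            own = a.get("autocomplete")
            # A field without its own attribute takes the form's setting.
            effective = own if own is not None else self.form_value
            if effective == "off":
                return
            if effective is None:
                reason = "attribute missing, default (on) applies"
            elif effective == "on":
                reason = "explicitly on"
            else:
                reason = f"non-standard value {effective!r}, scanner expects 'off'"
            self.findings.append((a.get("name", "?"), self.getpos()[0], reason))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_value = None

def audit(html):
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (not the real login.cfm source).
SAMPLE = """\
<form action="login" method="post">
  <input type="text" name="user">
  <input type="password" name="pw_false" autocomplete="false">
  <input type="password" name="pw_default">
  <input type="password" name="pw_off" autocomplete="off">
</form>
<form autocomplete="off"><input type="password" name="pw_inherited"></form>
"""

if __name__ == "__main__":
    for name, line, reason in audit(SAMPLE):
        print(f"line {line}: {name}: {reason}")
```

Running it over the rendered HTML of a login page (saved from View Source) shows whether a finding comes from a missing attribute or from a value such as "false" that the scanner does not recognise.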

Carl Von Stetten
Correct answer
Legend
January 15, 2014

Like I said, the security-related bugs are handled differently from all non-security-related ones.  They get hidden from the public bug tracker (for security reasons).  Since the public bug tracker is what sends out the auto response emails, you won't get any for security-related bugs.  You'll have to contact Adobe directly to get status updates.

-Carl V.