Participant
April 21, 2021
Question

Cleartext Storage of Sensitive Information in a Cookie on Admin Page


We have a security vulnerability found in penetration testing:

Cleartext Storage of Sensitive Information in a Cookie

Page: administrator/index.cfm

ColdFusion version 11

This app is using base64 encoding for admin console cookies. Base64 encoding only makes it harder to decode, and therefore provides only a weak protection mechanism. Cookies therefore include the admin password. Also, as described in other parts of the report, this cookie is exchanged via an unencrypted channel.
Resolution
Instead of using base64-encoded plaintext with the password, use a random string to authenticate a valid admin-privilege session.

Question: can someone help with how to fix this?
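The report's finding and its suggested resolution, as an added example that is not part of the original post or of ColdFusion itself: a constructed cookie value shows that base64 is reversible and hands over the password it wraps, and beside it a minimal replacement in which the cookie carries only an opaque random token that is looked up in a server-side session table. The cookie name `CFADMIN_SESSION`, the sample credentials and the session timeout are assumptions for the illustration; the real fix in a ColdFusion installation belongs in the Administrator's authentication and cookie settings.

```python
import base64
import hmac
import secrets
import time
from http.cookies import SimpleCookie

# --- The weak scheme the pentest report describes (constructed sample) ---
# Hypothetical legacy cookie: base64("admin:S3cretPassw0rd"). Base64 is an
# encoding, not encryption, so anyone holding the cookie recovers the password.
WEAK_COOKIE_VALUE = base64.b64encode(b"admin:S3cretPassw0rd").decode("ascii")


def decode_weak_cookie(value: str) -> tuple:
    """Demonstrate that the legacy cookie is reversible: returns (user, password)."""
    user, password = base64.b64decode(value).decode("utf-8").split(":", 1)
    return user, password


# --- The resolution: an opaque random session token, resolved server-side ---
SESSION_TTL_SECONDS = 30 * 60  # assumed idle timeout for the admin session


class SessionStore:
    """In-memory session table keyed by token; the cookie carries nothing else."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._sessions = {}        # token -> {"user": ..., "expires": ...}

    def create(self, user: str) -> str:
        # 32 bytes from the OS CSPRNG: unguessable and unrelated to the password.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "expires": self._now() + SESSION_TTL_SECONDS,
        }
        return token

    def lookup(self, token: str):
        """Return the user for a valid, unexpired token, otherwise None."""
        match = None
        for stored in self._sessions:
            # Constant-time comparison avoids leaking token bytes through timing.
            if hmac.compare_digest(stored, token):
                match = stored
                break
        if match is None:
            return None
        entry = self._sessions[match]
        if entry["expires"] <= self._now():
            del self._sessions[match]   # expired: drop it and treat as invalid
            return None
        return entry["user"]

    def revoke(self, token: str) -> None:
        """Logout: a revoked token is useless even if it was captured earlier."""
        self._sessions.pop(token, None)


def build_set_cookie_header(token: str) -> str:
    """Set-Cookie value with Secure/HttpOnly/SameSite so the token is never sent
    over cleartext HTTP and is not readable by page scripts."""
    cookie = SimpleCookie()
    name = "CFADMIN_SESSION"                 # hypothetical cookie name
    cookie[name] = token
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Strict"
    cookie[name]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    print("legacy cookie decodes to:", decode_weak_cookie(WEAK_COOKIE_VALUE))
    store = SessionStore()
    tok = store.create("admin")
    print("Set-Cookie:", build_set_cookie_header(tok))
    print("lookup ->", store.lookup(tok))
```

The two halves make the report's point concrete: the first function recovers the password from the legacy cookie with no key at all, while the token issued by `SessionStore.create` contains no information about the user or the password and is only meaningful to the server that holds the table. The `Secure` flag addresses the companion finding that the cookie travels over an unencrypted channel.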


    BKBK
    Community Expert
    April 21, 2021

    A suggestion. Open the ColdFusion Administrator and go to Server Settings > Memory Variables. Scroll to the bottom of the page. Select the strongest cookie security settings.