we have security vulnarability found in penetration testing :
Cleartext Storage of Sensitive Information in a Cookie
page- administrator/index.cfm
coldfusion version 11
This app is using base64 encoding for admin console cookies. Base64 encoding is only making it harder to decode, therefore provides only weak protection mechanism. Cookies therefore include admin password. Also as is described in other parts of report this cookie is exchanged via unencrypted channel.
Resolution
Instead of using base64 encoded plaintext with password use some random string to authenticate valid admin privilege session.
Question - can someone help how to fix this it?
1
Reply
AdChoices