coldfusion administrator login page autocomplete attribute

New Here,
Jan 10, 2013

A little background: I took over maintaining a website for a client. They have forms that collect sensitive information, so they have it set up to get scanned for PCI Compliance every month. They haven't passed compliance in 8 months or so, and no one has tackled the issues until now.

Main Point: the PCI compliance scanner has a low level entry saying the following:

The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised.

After looking into the issue, the input fields have the autocomplete attribute, but it equals "false" instead of "off", which is incorrect.

I tried to change it to off, but then it throws an error and the only way I could get it to work is to restore the file from a backup.

Question: Is there a way I can edit this file (I'm guessing it's encoded), or does Adobe have a fix for it?

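The scanner finding above boils down to a simple check: every password input must carry autocomplete="off", and a value like "false" does not count. The following Python script is an added example (it is not from the original post, Adobe, or the scanner vendor) that performs that check over a page's HTML using only the standard library. The HTML it runs on is a constructed sample login form, not the contents of Adobe's login.cfm; the class and function names are the example's own.

```python
from html.parser import HTMLParser

# Constructed sample login form for demonstration; it is NOT Adobe's login.cfm.
# It reproduces the situation from the thread: a password field with
# autocomplete="false" (wrong value) and one with no attribute at all.
SAMPLE_LOGIN_HTML = """
<form method="post" action="/login">
  <input type="text" name="username" autocomplete="off">
  <input type="password" name="password" autocomplete="false">
  <input type="password" name="confirm">
  <input type="submit" value="Login">
</form>
"""


class PasswordFieldCollector(HTMLParser):
    """Collect the attributes of every <input type="password"> in a page."""

    def __init__(self):
        super().__init__()
        self.password_fields = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None
        # for bare attributes, so normalise them to "".
        if tag != "input":
            return
        attr_map = {name: (value or "") for name, value in attrs}
        if attr_map.get("type", "text").lower() == "password":
            self.password_fields.append(attr_map)


def audit_password_autocomplete(html):
    """Return (field name, finding) for each password input in the HTML.

    A field passes only when autocomplete is exactly "off" (case-insensitive).
    "false" is not a recognised value for the attribute, which is why the
    scanner still flags it; a missing attribute is flagged as well.
    """
    collector = PasswordFieldCollector()
    collector.feed(html)
    findings = []
    for field in collector.password_fields:
        name = field.get("name", "<unnamed>")
        value = field.get("autocomplete")
        if value is None:
            findings.append((name, "missing"))
        elif value.strip().lower() == "off":
            findings.append((name, "ok"))
        else:
            findings.append((name, f"invalid value {value!r}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_password_autocomplete(SAMPLE_LOGIN_HTML):
        print(f"{name}: {finding}")
```

Running it on the sample reports the password field as carrying an invalid value and the confirm field as missing the attribute, while the username field is ignored because it is not a password input. Two caveats worth keeping in mind: the check only sees markup, so a field set by JavaScript at runtime will not be caught, and current browsers frequently ignore autocomplete="off" on login forms in favour of their own password manager, so the attribute satisfies the scanner more than it prevents credential storage.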
LEGEND,
Jan 11, 2013

Why do you guess that the file is encoded?

What are you using for editing the file?

Sorry.. it's late on a Friday, and I won't be back until Monday morning.

^_^

New Here,
Jan 11, 2013

I'm using Dreamweaver (CS5.5). There is a bunch of strange characters in the file, then the input fields in plain text; as soon as I edit the autocomplete attribute, the login stops working.

To clarify, this is the file I'm talking about: <webroot>/CFIDE/administrator/login.cfm

thanks

Community Expert,
Jan 11, 2013

Interesting, K.

The CF Admin files are indeed encoded, so this is something you’d need to get Adobe to correct and re-issue the file. You should report this as a bug (https://bugbase.adobe.com/) or, since it’s a security concern, post it at the Adobe PSIRT issue reporting page, http://www.adobe.com/support/security/alertus.html.

In the meantime, you could perhaps pass the scan by blocking public access to the CF Admin, so that the scan can’t even see the page. There are a number of ways to do that, some of which are explained in the Adobe-provided CF “lockdown guide”, whose link (for each CF release) you can easily find by a web search.

/charlie
/Charlie (troubleshooter, carehart.org)