Cleartext Storage of Sensitive Information in a Cookie on Admin Page

New Here,
Apr 21, 2021


We have a security vulnerability found in penetration testing:

Cleartext Storage of Sensitive Information in a Cookie

Page: administrator/index.cfm

ColdFusion version: 11


This app is using base64 encoding for admin console cookies. Base64 encoding only makes the value slightly harder to read and therefore provides only a weak protection mechanism. The cookies therefore include the admin password. Also, as described in other parts of the report, this cookie is exchanged over an unencrypted channel.
Resolution
Instead of using base64-encoded plaintext containing the password, use a random string to authenticate a valid admin-privilege session.


Question: can someone help with how to fix this?

Adobe Community Professional,
Apr 21, 2021


A suggestion. Open the ColdFusion Administrator and go to Server Settings > Memory Variables. Scroll to the bottom of the page. Select the strongest cookie security settings.
