STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must transmit only encrypted representations of passwords for Flex Integration.

DISA Rule

SV-76945r1_rule

Vulnerability Number

V-62455

Group Title

SRG-APP-000172-AS-000120

Rule Version

CF11-04-000133

Severity

CAT II

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Navigate to the "Flex Integration" page under the "Data & Services" menu. Check "Enable RMI over SSL for Data Management" and select the "Submit Changes" button.

Check Contents

Within the Administrator Console, navigate to the "Flex Integration" page under the "Data & Services" menu. Ask the administrator if Flex is being used and if user credentials are being used for authentication.

If user credentials are being used for Flex authentication to ColdFusion and "Enable RMI over SSL for Data Management" is not checked, this is a finding.

Vulnerability Number

V-62455

Documentable

False

Rule Version

CF11-04-000133

Severity Override Guidance

Within the Administrator Console, navigate to the "Flex Integration" page under the "Data & Services" menu. Ask the administrator if Flex is being used and if user credentials are being used for authentication.

If user credentials are being used for Flex authentication to ColdFusion and "Enable RMI over SSL for Data Management" is not checked, this is a finding.

Check Content Reference

M

Target Key

2661

Comments