STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must transmit only encrypted representations of passwords to the mail server.

DISA Rule

SV-76949r1_rule

Vulnerability Number

V-62459

Group Title

SRG-APP-000172-AS-000120

Rule Version

CF11-04-000135

Severity

CAT II

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Navigate to the "Mail" page under the "Server Settings" menu. Enable SSL/TLS by checking "Enable SSL socket connections to mail server" and/or "Enable TLS connection to mail server" options and select the "Submit Changes" button.

Check Contents

Within the Administrator Console, navigate to the "Mail" page under the "Server Settings" menu.

If a user name and password are required for authentication and "Enable TLS connection to mail server" is unchecked and "Enable SSL socket connects to mail server" is unchecked, this is a finding.

Vulnerability Number

V-62459

Documentable

False

Rule Version

CF11-04-000135

Severity Override Guidance

Within the Administrator Console, navigate to the "Mail" page under the "Server Settings" menu.

If a user name and password are required for authentication and "Enable TLS connection to mail server" is unchecked and "Enable SSL socket connects to mail server" is unchecked, this is a finding.

Check Content Reference

M

Target Key

2661

Comments