5 Replies Latest reply on Jan 15, 2014 3:36 PM by Anit_Kumar

    CF Admin Login Security:Form Autocomplete Password?

    GuyMcMickle Level 1

      Security vulnerablity exists within CF administrator log in page (/CFIDE/administrator/login.cfm) HTML form.  Does anyone know how to apply a solution or work-around? 

       

      Web site security scanning reports the CF adminstrator log in page uses <input> password field autocomplete=on (default).  Solution is to edit web page form appending attribute "autocomplete=off".  But since the entire CFIDE directory uses ColdFusion's encryption, page is not editable. 

       

      A week ago (1/8/14), at Adobe's telephone customer support direction, I submitted a request for help to Adobe's support site (bugbase.adobe.com).  Requests to this site go into the ether ("not externally visible"). No response whatever has been provided. 

       

      The basic fix is for Adobe to send or provide an updated web page.  Problem is a site security issue.