
CF Admin Login Security: Form Autocomplete Password?

Participant, Jan 15, 2014

Security vulnerability exists within CF administrator log in page (/CFIDE/administrator/login.cfm) HTML form. Does anyone know how to apply a solution or work-around?

Web site security scanning reports the CF administrator log in page uses <input> password field autocomplete=on (default). Solution is to edit web page form appending attribute "autocomplete=off". But since the entire CFIDE directory uses ColdFusion's encryption, page is not editable.

A week ago (1/8/14), at Adobe's telephone customer support direction, I submitted a request for help to Adobe's support site (bugbase.adobe.com).  Requests to this site go into the ether ("not externally visible"). No response whatever has been provided. 

The basic fix is for Adobe to send or provide an updated web page.  Problem is a site security issue.


1 Correct answer

Guide, Jan 15, 2014

Like I said, the security-related bugs are handled differently from all non-security-related ones.  They get hidden from the public bug tracker (for security reasons).  Since the public bug tracker is what sends out the auto response emails, you won't get any for security-related bugs.  You'll have to contact Adobe directly to get status updates.

-Carl V.

Guide, Jan 15, 2014

I think bugs related to security are automatically "hidden" for security reasons.  Other (non-security) bugs result in notification emails whenever their status changes or comments are added.  You may have to get back in touch with Adobe phone support to find out how you can track the status.

-Carl V.

Participant, Jan 15, 2014

Viewing page source (View|Source - IE) shows the <input> password field uses attribute "autocomplete=false". "false" does work for me to disable automatic fill-in. However, the security scan must be looking for the correct HTML syntax "autocomplete=off" (http://www.w3.org/wiki/HTML/Elements/input/password).

Adobe telephone customer support said I would get a response by email or telephone after submitting the "bugbase" request. No response has ever come. As a customer, and for my customer, even an automated email from Adobe would be appreciated.
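
A check along the lines of what the scan in this thread appears to look for, as an added example that is not part of the original posts and is not Adobe's or the scanner's code: it lists each password input with its effective autocomplete value and passes only the literal `off`. The sample markup, field names and verdict strings are constructed for illustration, and the fallback to the enclosing form's `autocomplete` attribute is standard HTML behaviour rather than something stated in the thread.

```python
from html.parser import HTMLParser

# Constructed sample markup for illustration; NOT the real ColdFusion login page.
SAMPLE_LOGIN_HTML = """
<form action="login.cfm" method="post">
  <input type="password" name="pw_false" autocomplete="false">
  <input type="password" name="pw_off" autocomplete="OFF">
  <input type="password" name="pw_default">
</form>
<form action="other.cfm" method="post" autocomplete="off">
  <input type="PASSWORD" name="pw_inherits">
</form>
"""


class PasswordAutocompleteAudit(HTMLParser):
    """Record (field name, effective autocomplete value, verdict) per password input."""

    def __init__(self):
        super().__init__()
        self.form_value = None  # autocomplete value of the enclosing <form>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_value = attrs.get("autocomplete")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # An input without its own attribute falls back to the form's value.
            raw = attrs.get("autocomplete", self.form_value)
            value = (raw or "").strip().lower()
            if value == "off":
                verdict = "pass"
            elif value in ("", "on"):
                verdict = "flag: autocomplete enabled"
            else:
                verdict = "flag: value is not 'off'"
            self.findings.append((attrs.get("name"), value or None, verdict))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_value = None


def audit(html):
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run against a saved copy of the rendered login page, `audit()` reports a field carrying `autocomplete="false"` as a value that is not `off`, which matches the scan result described above even though the browser in use did not fill the field.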

Participant, Jan 15, 2014

I called Adobe customer support. Support found the bug number, discussed the concern, and the issue is progressing.

Thanks Carl

Adobe Employee, Jan 15, 2014

Here is the Bug# 3690477. We are looking into it.

Regards,

Anit Kumar
