We use CFLOGIN and set the password to "Iam:testing", when you go to authenticate and output #cflogin.password#
it truncates the password at the ":", so it outputs "Iam".
We are using this against LDAP and ":" are allowed in our password rules.
Is CFLOGIN supposed to truncate these?
I cannot find any documentation on this.
Even worse, if you enter "abcd:defg" in the j_username field and any arbitrary string in the j_password field, Coldfusion will read the of cflogin.username as abcd and cflogin.password as defg. It is a bug. Report it.