UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must require a username and password for access by each authorized user access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62365 CF11-02-000030 SV-76855r1_rule High
Description
Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. Enforcing non-repudiation of actions requires that each user be identified. Without this identification, events cannot be traced to a user, and a forensic investigation cannot be conducted to determine what exactly happened and who caused the event to occur. By forcing users to authenticate, each auditable event can be tied to a user, and a sequence of events for the user can be determined. This is critical when investigating an issue or an attack.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2017-06-15

Details

Check Text ( C-63169r1_chk )
Access the "Administrator" page under the "Security" menu within the Administrator Console.

If the "Separate user name and password authentication" is not selected, this is a finding.
Fix Text (F-68285r1_fix)
Access the "Administrator" page under the "Security" menu within the Administrator Console. Select "Separate user name and password authentication" and select the "Submit Changes" button.