Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62075 | CF11-01-000001 | SV-76565r1_rule | Low |
Description |
---|
The ColdFusion Administrator Console is used to manage the ColdFusion application server. The console allows a user to configure settings used by hosted applications, maintain connections to external resources, review logs, etc. By disallowing concurrent logons, a user has a method to determine if his account has been comprised (The user will be unable to log into the Administrator Console.) and deters a user from having an open idle session from different work stations which can also be used by an attacker. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-12-31 |
Check Text ( C-62879r2_chk ) |
---|
Within the Administrator Console, navigate to the "Administrator" settings under the "Security" menu. If the setting "Allow concurrent login sessions for Administrator Console" is checked, this is a finding. |
Fix Text (F-67995r1_fix) |
---|
Within the Administrator Console, navigate to the "Administrator" settings under the "Security" menu. To disable concurrent logins, uncheck the "Allow concurrent login sessions for Administrator Console" setting and select the "Submit Changes" button. |