Summary
Adobe ColdFusion is prone to a remote authentication-bypass vulnerability.
Impact
An attacker can exploit this issue to bypass certain authentication processes and potentially take control of the affected system.
Impact Level: Application
Solution
Vendor updates are available.
Insight
Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the 'rdsPasswordAllowed' field when accessing the Administrator API CFC that is used for logging in.
Affected
ColdFusion 9.0, 9.0.1, 9.0.2
Note: This issue affects ColdFusion customers who do not have password protection enabled or do not have a password set.
Detection
The check sends HTTP requests to the affected login component and determines whether authentication can be bypassed.
References
Updated on 2015-03-25
Severity
CVSS Base Score: 10.0
CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Classification
CVE: CVE-2013-0632