Adobe ColdFusion Authentication Bypass Vulnerability

Summary
Adobe ColdFusion is prone to a remote authentication-bypass vulnerability.
Impact
An attacker can exploit this issue to bypass certain authentication processes and potentially take control of the affected system.
Impact Level: Application
Solution
Vendor updates are available.
Insight
Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the 'rdsPasswordAllowed' field when accessing the Administrator API CFC that is used for logging in.
Affected
ColdFusion 9.0, 9.0.1, 9.0.2
Note: This issue affects ColdFusion customers who do not have password protection enabled or do not have a password set.
Detection
Try to bypass authentication by sending some HTTP requests.