Adobe ColdFusion is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass certain authentication processes and potentially take control of the affected system.
Impact Level: Application
Vendor updates are available.
Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the 'rdsPasswordAllowed' field when accessing the Administrator API CFC that is used for logging in.
ColdFusion 9.0, 9.0.1, 9.0.2
Note: This issue affects ColdFusion customers who do not have password protection enabled or do not have a password set.
The check tries to bypass authentication by sending HTTP requests to the affected component.