Authentication flaw

2008-03-1200:44:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

JSON

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

CPENameOperatorVersion
coldfusioneq8.0
coldfusioneq7.0

CPE	Name	Operator	Version
	coldfusion	eq	8.0
	coldfusion	eq	7.0

References

secunia.com/advisories/29332

www.adobe.com/support/security/bulletins/apsb08-08.html

www.securityfocus.com/bid/28207

www.securitytracker.com/id?1019600

www.vupen.com/english/advisories/2008/0862/references

exchange.xforce.ibmcloud.com/vulnerabilities/41150