tracker issue : CF-4202953

Title:

[Lockdown] CF Scripts URI Should be Random

Status/Resolution/Reason: To Fix//BugVerified

Reporter/Name(from Bugbase): Peter Freitag / ()

Created: 06/20/2018

Components: Security, LockdownGuide

Versions: 2018

Failure Type: Incorrect w/Workaround

Found In Build/Fixed In Build: Public Beta /

Priority/Frequency: Minor / All users will encounter

Locale/System: ALL / Win 2016

Vote Count: 3

Problem Description: The lockdown installer remaps the /cf_scripts URI to /cfscripts_2018. There is no benefit in changing it from one known default to another known default. If it is going to change it, it should contain some randomness or let the user specify a value.

Steps to Reproduce: Run lockdown installer

Actual Result: Changes /cf_scripts to /cfscripts_2018

Expected Result: Change it to an unpredictable value.

Any Workarounds: You can change it again manually.

Attachments:

Comments:

what anything actually changed with this? Isn't this for cfform and/or cfclient?
Comment by James M.
29109 | June 20, 2018 02:18:43 PM GMT
+1 - Maybe set randomness every CF start?
Vote by Aaron N.
29115 | June 20, 2018 11:51:23 PM GMT
+1 pointless if predictable!
Vote by John W.
30603 | April 04, 2019 02:40:16 PM GMT
It is not secure to switch from one default value to another default value. The installer should prompt the user for a name to use. Please fix this.
Vote by Miguel F.
30608 | April 05, 2019 02:19:20 PM GMT