tracker issue : CF-4126663

Title:

Security Analyzer - Fails to identify passwords in Script Functions Implemented as CFCs


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/09/2016

Components: Security Analyzer

Versions: 2016

Failure Type:

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Win All

Vote Count: 0

Listed in the version 2016.0.02.299200 Issues Fixed doc
The security analyzer fails to identify hardcoded passwords in script functions implemented as CFCs that were introduced by Adobe in ColdFusion 9.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSe9cbe5cf462523a0693d5dae123bcd28f6d-8000.html

All of them either have a password, proxypassword, or other password field in them.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126663

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config: Friendly Name: Current MBP
System Type: Laptop
Brand: Apple 
Model: Mid-2012 15"
Processor Type: Intel Core i7
Processor Speed: 2GHz to 3GHz
Memory: 8GB to 16GB
Hard Drive Storage: 500GB-1TB
Peripherals: LCD Display
Peripherals: Web-Cam
Connectivity: Ethernet
Connectivity: Wireless 802.11 N
Interfaces: Firewire
Interfaces: USB 2.x
Media: CD
Media: CD-R
Media: CD-RW
Media: DVD
Media: DVD+R
Media: DVD-R
Media: SD Card
Primary Operating System: Mac OS X 10.9 (Mavericks)
Secondary Operating System: Windows 7 64
System Location: Other
Time Owned: 2 to 3 Years


Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4026114\http.cfm

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: Severity newValue: 2 oldValue: 0 oprid: awdhesh recordName: RQ_DEFECT timpestamp: 2016-03-04 05:10:51.0
action: updated fieldName: Fix By Product Milestone newValue: HF2 oldValue: Alpha oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-03-02 14:16:58.0
action: updated fieldName: Priority newValue: 2 oldValue: 0 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-16 05:00:31.0
action: updated fieldName: Fix By Milestone newValue: Alpha oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-18 10:05:21.0
action: updated fieldName: Fix By Product Milestone newValue: Alpha oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-18 10:05:21.0
action: updated fieldName: Severity newValue: 0 oldValue: 3 oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-24 10:40:41.0
action: updated fieldName: Priority newValue: 0 oldValue: 2 oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-24 10:40:41.0
action: updated fieldName: Priority newValue: 2 oldValue: 0 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-09-08 09:59:02.0
action: updated fieldName: Fix By Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
action: updated fieldName: Fix By Product Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
action: updated fieldName: Reason newValue: Blank oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
action: updated fieldName: Owner newValue: uogra oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 05:57:25.0
Comment by CFwatson U.
3560 | March 09, 2016 04:29:24 AM GMT
Added By: PreRelease User User Name:David Epler Note Added: Entered Bug. Date Added :2015-07-26 17:49:32.0
Comment by CFwatson U.
3561 | March 09, 2016 04:29:26 AM GMT
The fix will be available in the update2 of ColdFusion 2016. Thanks!
Comment by S P.
3562 | May 06, 2016 03:48:36 AM GMT
test note
Comment by CFwatson U.
3563 | June 07, 2016 04:18:03 AM GMT
The fix for this bug is available as part of the early-access build for ColdFusion 2016 Update 2.
Comment by CFwatson U.
3564 | June 07, 2016 04:24:43 AM GMT