tracker issue : CF-3517498

select a category, or use search below
(searches all categories and all time range)
Title:

cflogin - errors with bad input

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Raymond Camden / Raymond Camden (Raymond Camden)

Created: 03/11/2013

Components: Security

Versions: 10.0

Failure Type: Unspecified

Found In Build/Fixed In Build: Final / 284476

Priority/Frequency: Trivial / Some users will encounter

Locale/System: English / Platforms All

Vote Count: 0

I've now seen cflogin throw an error twice now w/ bad input at - I believe - the cookie level. Here is a report from one user:

http://www.raymondcamden.com/forums/messages.cfm?threadid=C60102CA-9221-2FD6-A3CEDCAA37CDBF73&page=1&

Another one is an array error:

java.lang.ArrayIndexOutOfBoundsException: 1 at coldfusion.security.SecurityManager.parseAuthInfo(SecurityManager.java:2677) at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:358) at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:329) at cfApplication2ecfm752727542.runPage(C:\inetpub\wwwroot\Forta Forums\Application.cfm:93) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:444) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:346) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(

At the end of the day, these smell like someone trying to hack, but cflogin shouldn't throw these exceptions.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3517498

External Customer Info:
External Company:  
External Customer Name: cfjedimaster
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

Comments: