tracker issue : CF-4126693

Title:

Security Analyzer - Secure with Credentials


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/09/2016

Components: Security Analyzer

Versions: 2016

Failure Type: Enhancement Request

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Major / Unknown

Locale/System: English / Win All

Vote Count: 1

While the documentation says the security analyzer is "available only in development server, it is not available in the production server", there is still a potential for ColdFusion to be installed incorrectly, where the security analyzer could be exposed to an attacker to run and profile the code, making it easier to attack.

The security analyzer should be secured with either admin or RDS username and password.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126693

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config: Friendly Name: Current MBP
System Type: Laptop
Brand: Apple 
Model: Mid-2012 15"
Processor Type: Intel Core i7
Processor Speed: 2GHz to 3GHz
Memory: 8GB to 16GB
Hard Drive Storage: 500GB-1TB
Peripherals: LCD Display
Peripherals: Web-Cam
Connectivity: Ethernet
Connectivity: Wireless 802.11 N
Interfaces: Firewire
Interfaces: USB 2.x
Media: CD
Media: CD-R
Media: CD-RW
Media: DVD
Media: DVD+R
Media: DVD-R
Media: SD Card
Primary Operating System: Mac OS X 10.9 (Mavericks)
Secondary Operating System: Windows 7 64
System Location: Other
Time Owned: 2 to 3 Years

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: Date Closed newValue: 2016-02-02 21:26:45.0 oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: Closed By newValue: preethi oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: Owner newValue: Blank oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: Reason newValue: Blank oldValue: Fixed oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: State newValue: Closed oldValue: Open oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: Status newValue: Fixed oldValue: ToTest oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:45.0
action: updated fieldName: Fix By Product Milestone newValue: Gold Master oldValue: Alpha oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:16.0
action: updated fieldName: Fix By Milestone newValue: Gold Master oldValue: Alpha oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-02-03 05:26:16.0
action: updated fieldName: Date Fixed newValue: 2016-02-02 00:00:11.0 oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Fixed By newValue: uogra oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Owner newValue: preethi oldValue: mchandna oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Status newValue: ToTest oldValue: ToFix oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Reason newValue: Fixed oldValue: Investigate oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Changelist newValue: Take latest oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2016-02-02 08:00:11.0
action: updated fieldName: Owner newValue: mchandna oldValue: uogra oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-28 10:20:33.0
action: updated fieldName: Dev Assigned newValue: mchandna oldValue: uogra oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-28 10:20:33.0
action: added fieldName: Vote Type newValue: BETA oldValue: Blank oprid: prerelease recordName: AD_DEFECT_VOTE timpestamp: 2016-01-21 15:35:30.0
action: updated fieldName: Owner newValue: uogra oldValue: djha oprid: djha recordName: RQ_DEFECT timpestamp: 2016-01-20 08:43:28.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: djha oprid: djha recordName: RQ_DEFECT timpestamp: 2016-01-20 08:43:28.0
action: updated fieldName: Dev Assigned newValue: djha oldValue: uogra oprid: awdhesh recordName: RQ_DEFECT timpestamp: 2016-01-20 08:06:03.0
action: updated fieldName: Owner newValue: djha oldValue: uogra oprid: awdhesh recordName: RQ_DEFECT timpestamp: 2016-01-20 08:06:03.0
action: updated fieldName: Fix By Milestone newValue: Alpha oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-18 10:06:31.0
action: updated fieldName: Fix By Product Milestone newValue: Alpha oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-18 10:06:31.0
action: updated fieldName: Priority newValue: 3 oldValue: 4 oprid: rukumar recordName: RQ_DEFECT timpestamp: 2015-11-16 10:14:50.0
action: updated fieldName: Priority newValue: 4 oldValue: 0 oprid: rukumar recordName: RQ_DEFECT timpestamp: 2015-10-27 06:19:31.0
action: updated fieldName: Severity newValue: 0 oldValue: 3 oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-23 11:05:22.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:54:45.0
action: updated fieldName: Owner newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:54:45.0
action: updated fieldName: Fix By Product Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:03:52.0
action: updated fieldName: Fix By Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:03:52.0
action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:03:52.0
action: updated fieldName: Owner newValue: sanniset oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:03:52.0
action: updated fieldName: Reason newValue: Investigate oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 05:03:52.0
Comment by CFwatson U.
3486 | March 09, 2016 04:39:39 AM GMT
+1 should be secured with a password
Vote by External U.
3488 | March 09, 2016 04:39:40 AM GMT
Added By: PreRelease User User Name:David Epler Note Added: Which specific builds of Server and Builder was this fixed in? Date Added :2016-02-06 19:02:25.0
Added By:preethi Note Added: The fix would be available in the next drop. Date Added :2016-02-03 05:26:46.0
Added By: PreRelease User User Name:David Epler Note Added: Entered Bug. Date Added :2015-07-18 13:34:40.0
Comment by CFwatson U.
3487 | March 09, 2016 04:39:42 AM GMT