There are several problems coming to light with CFADMIN.

Allaire has quietly said that you should use the Web server's authentication
model on top of the CF authentication for better security, or remove
CFADMIN completely from production servers.

 - Steve

Steve Pierce, HDL
"Co-Location starting $99 per month, no setup fee"
(734) 482-9682 | mailto:[EMAIL PROTECTED] | http://HDL.com
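As an added illustration of the first recommendation above (not from the thread or from Allaire), an Apache 1.3-style httpd.conf fragment that puts the web server's own authentication and an address restriction in front of the ColdFusion Administrator. The /CFIDE/administrator path, the htpasswd file location and the admin host address are assumptions and placeholders.

```apache
# Added example, not part of the original message. Layers the web server's own
# authentication over CF's Administrator login so two independent checks must
# pass. Assumed: Administrator is served from /CFIDE/administrator (the usual
# path, not stated in the thread); file path and IP below are placeholders.
<Location /CFIDE/administrator>
    # Gate 1: web server credentials, evaluated before ColdFusion ever runs
    AuthType Basic
    AuthName "ColdFusion Administrator"
    AuthUserFile /etc/httpd/cfadmin.htpasswd
    Require valid-user

    # Gate 2: only the management workstation / network may reach the URL
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10

    # Both gates must pass (Satisfy All is the default; stated explicitly)
    Satisfy All
</Location>
```

For the second recommendation (no Administrator on production at all), remove the directory rather than relying on the `Deny from all` line alone.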




-----Original Message-----
From: Steve Bernard [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 3:02 PM
To: [EMAIL PROTECTED]
Subject: SiteMinder vulnerability


Does anyone know which, if any, CF versions are susceptible to the recently
announced vulnerability in SiteMinder?

-----

Release: 09.11.00
Application: Netegrity SiteMinder 3.6, 4.0
Platforms: Solaris 2.x, Windows NT
Severity: Access control mechanism can be bypassed.
Author: David Litchfield and Mark Litchfield

Netegrity's SiteMinder is a web access control product for Solaris and
Windows NT that implements various authentication mechanisms to protect
content on websites. It features native integration with industry-standard
LDAP, NDS, and NT directory services as well as SQL databases. Due to an
error in SiteMinder's URL parsing, it is possible for an attacker to bypass
the authentication phase and view protected web pages directly.

-----

Thanks,

Steve

----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
