
V-279057

CAT II (Medium)

ColdFusion must store only encrypted representations of passwords.

Rule ID

SV-279057r1171529_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000196

Discussion

Applications must enforce password encryption when storing passwords. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read and easily compromised. Application servers provide either a local user store or they integrate with enterprise user stores like LDAP. When ColdFusion is responsible for creating or storing passwords, ColdFusion must enforce the storage of encrypted representations of passwords.

Check Content

Verify Proxy Settings.

From the Admin Console Landing Screen, navigate to Server Settings >> Settings.

If a "Proxy Host" is provided with a "Proxy Username" and "Proxy Password", this is a finding.

Fix Text

Configure Proxy Settings.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.

2. Clear the "Proxy Host", "Proxy UserName", and "Proxy Password" fields.

3. Select "Submit Changes".