V-279030

Discussion

The ColdFusion Administrator Console provides critical functionality for managing the ColdFusion application server. Allowing concurrent logins to the Administrator Console increases the risk of unauthorized access and account compromise. Disabling concurrent logins ensures that only one active session per user is allowed. This restriction provides a security benefit by alerting users to potential account compromise: If a user is unexpectedly logged out due to a new session being initiated, it may indicate unauthorized use of their credentials.

Check Content

Verify Concurrent Administrator Console Logins. 

1. From the Admin Console Landing Screen, navigate to Security >> Administrator.

2. Locate the option labeled "Allow concurrent login sessions for Administrator Console".

If this option is enabled (checked), this is a finding.