
V-279062

CAT II (Medium)

JVM Arguments must be configured for encryption.

Rule ID

SV-279062r1171539_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000197

Discussion

Ensuring that ColdFusion transmits only encrypted representations of passwords to the proxy server is critical for maintaining the security and integrity of sensitive information. When passwords are transmitted in plain text, they are vulnerable to interception by unauthorized parties, which can lead to unauthorized access and potential data breaches. Encrypting passwords during transmission helps protect against these risks by ensuring that even if the data is intercepted, it cannot be easily deciphered and misused. By implementing encryption for password transmission to the proxy server, ColdFusion can safeguard user credentials and maintain the confidentiality and integrity of the data being transmitted. This practice aligns with best security practices and helps prevent unauthorized access to sensitive information.

Check Content

Verify JVM Arguments are configured for encryption.

From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.

If any JVM Arguments contain the setting "Dhttp.proxyHost", this is a finding.

Fix Text

Configure JVM Arguments for encryption.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.

2. In "JVM Arguments", enable encryption by changing any JVM Argument starting with "-Dhttp.proxy" to "-Dhttps.proxy".

3. Select "Submit Changes".

4. Restart ColdFusion for the changes to take effect.
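
An offline version of the check and fix above, as an added example (not part of the STIG or of ColdFusion). It assumes the "JVM Arguments" value has been copied out of the Admin Console as one string; the sample arguments and the function names are constructed for illustration.

```python
import re

# Constructed sample of a "JVM Arguments" value; host name and port are made up.
SAMPLE_ARGS = (
    "-server -Xms256m -Dhttp.proxyHost=proxy.example.internal "
    "-Dhttp.proxyPort=8080 -Dhttps.protocols=TLSv1.2 -Dfile.encoding=UTF-8"
)

# An argument begins at the start of the string or after whitespace, so
# "-Dhttps.proxyHost" and text inside another argument's value never match.
_FINDING = re.compile(r"(?<!\S)-Dhttp\.proxyHost\S*")
_FIXABLE = re.compile(r"(?<!\S)-Dhttp\.proxy")


def find_findings(jvm_args: str) -> list[str]:
    """Check Content: return every argument that sets http.proxyHost."""
    return _FINDING.findall(jvm_args)


def remediate(jvm_args: str) -> str:
    """Fix Text step 2: rename -Dhttp.proxy* arguments to -Dhttps.proxy*."""
    return _FIXABLE.sub("-Dhttps.proxy", jvm_args)


def audit(jvm_args: str) -> dict:
    """Return the findings, the proposed value, and whether the fix clears them."""
    proposed = remediate(jvm_args)
    return {
        "findings": find_findings(jvm_args),
        "proposed": proposed,
        "clean_after_fix": not find_findings(proposed),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_ARGS)
    for arg in result["findings"]:
        print("FINDING:", arg)
    print("Proposed JVM Arguments:", result["proposed"])
```

The proposed value still has to be entered in the Admin Console and ColdFusion restarted, as in steps 3 and 4.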