Check: APAS-CF-000375
Adobe ColdFusion STIG:
APAS-CF-000375
(in version v1 r1)
Title
JVM Arguments must be configured for encryption. (Cat II impact)
Discussion
ColdFusion takes its outbound proxy configuration from JVM system properties. "-Dhttp.proxyHost" and "-Dhttp.proxyPort" define a proxy for plain HTTP connections, so any password or other credential ColdFusion sends through that proxy travels in cleartext and can be read or altered by anyone positioned between the server and the proxy. The "https.proxyHost" and "https.proxyPort" properties apply to HTTPS connections, which are protected by TLS, so an interceptor sees only ciphertext. Configuring the JVM arguments so that proxied traffic uses only the HTTPS variants keeps transmitted credentials confidential and satisfies the requirement to send passwords only over cryptographically protected channels.
Check Content
Verify the JVM arguments are configured for encryption. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM. If any entry in "JVM Arguments" contains "-Dhttp.proxyHost", this is a finding.
Fix Text
Configure the JVM arguments for encryption.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
2. In "JVM Arguments", enable encryption by changing any argument starting with "-Dhttp.proxy" to "-Dhttps.proxy" (for example, "-Dhttp.proxyHost" becomes "-Dhttps.proxyHost" and "-Dhttp.proxyPort" becomes "-Dhttps.proxyPort").
3. Select "Submit Changes".
4. Restart ColdFusion for the changes to take effect.
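The check and fix above are performed in the Admin Console, but the same JVM arguments are persisted on the java.args= line of the ColdFusion jvm.config file, so the finding can also be audited and corrected on disk. The following is an added example, not part of this STIG or of Adobe's tooling: it parses a constructed jvm.config sample, reports any -Dhttp.proxyHost/-Dhttp.proxyPort tokens as findings, and rewrites them to the -Dhttps.proxy* form the Fix Text calls for. The sample content and the proxy host name are constructed for illustration; the path cfusion/bin/jvm.config is an assumption about where the file lives in a given install.

```python
"""Audit and remediate the APAS-CF-000375 finding in a ColdFusion jvm.config."""
import re

# Constructed sample of a jvm.config java.args= line carrying a plaintext
# HTTP proxy. Host name and path are illustrative, not a real deployment.
SAMPLE_JVM_CONFIG = """\
# ColdFusion jvm.config (constructed example)
java.home=/opt/coldfusion/jre
java.args=-server -Xms256m -Xmx1024m -Dcoldfusion.home={application.home} \
-Dhttp.proxyHost=proxy.example.internal -Dhttp.proxyPort=3128 \
-Dhttp.nonProxyHosts=localhost|127.0.0.1
"""

# Only the http.proxyHost / http.proxyPort properties route traffic through
# a cleartext HTTP proxy; these are the tokens the check calls a finding.
PLAINTEXT_PROXY = re.compile(r"^-Dhttp\.proxy(Host|Port)=")

JAVA_ARGS_KEY = "java.args="


def _unwrap(jvm_config_text):
    """Join backslash-continued lines so java.args= is a single logical line."""
    return jvm_config_text.replace("\\\n", " ")


def java_args(jvm_config_text):
    """Return the JVM argument tokens from the java.args= line (empty if absent)."""
    for line in _unwrap(jvm_config_text).splitlines():
        if line.startswith(JAVA_ARGS_KEY):
            return line[len(JAVA_ARGS_KEY):].split()
    return []


def findings(args):
    """Return the tokens that make this configuration a finding."""
    return [a for a in args if PLAINTEXT_PROXY.match(a)]


def remediate(args):
    """Rewrite -Dhttp.proxyHost/-Dhttp.proxyPort to their https.* equivalents.

    http.nonProxyHosts is left untouched: Java applies it to both schemes and
    it does not start with "-Dhttp.proxy", so the Fix Text does not cover it.
    """
    return [PLAINTEXT_PROXY.sub(r"-Dhttps.proxy\1=", a) for a in args]


def remediate_config(jvm_config_text):
    """Return the jvm.config text with the java.args= line corrected."""
    out = []
    for line in _unwrap(jvm_config_text).splitlines():
        if line.startswith(JAVA_ARGS_KEY):
            line = JAVA_ARGS_KEY + " ".join(remediate(line[len(JAVA_ARGS_KEY):].split()))
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Assumed location of the file on a real install: cfusion/bin/jvm.config.
    args = java_args(SAMPLE_JVM_CONFIG)
    hits = findings(args)
    if hits:
        print("FINDING (APAS-CF-000375): cleartext proxy arguments present:")
        for token in hits:
            print("  ", token)
        print("Corrected java.args line:")
        print("  " + JAVA_ARGS_KEY + " ".join(remediate(args)))
    else:
        print("Not a finding: no -Dhttp.proxyHost/-Dhttp.proxyPort arguments.")
```

Run against a real file by reading cfusion/bin/jvm.config into the string instead of SAMPLE_JVM_CONFIG. After writing the corrected text back, ColdFusion must still be restarted, exactly as in step 4 of the Fix Text, because jvm.config is read only at JVM start.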
Additional Identifiers
Rule ID: SV-279062r1171539_rule
Vulnerability ID: V-279062
Group Title: SRG-APP-000172-AS-000120
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000197 | For password-based authentication, transmit passwords only over cryptographically-protected channels. |
Controls
| Number | Title |
|---|---|
| IA-5(1) | Password-based Authentication |