The authentication process in Adobe ColdFusion prior to 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent malicious users to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 9.0 |
||
adobe coldfusion |
||
adobe coldfusion 9.0.1 |