ColdFusion encryption system can be decrypted
| coldfusion-encryption (2208) |  Low Risk |
Description:
The encryption system used in the ColdFusion CFCRYPT program can be decrypted. This possibility for decryption could expose source code distributed with encryption, which was previously thought to be unviewable. Programs to decrypt ColdFusion source have been rumored to exist but are not widely available.
Consequences:
Obtain Information
Remedy:
No remedy available as of March 20, 2010.
References:
- Macromedia/Allaire Security Bulletin ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted.
- BID-275: Allaire ColdFusion CFCRYPT.EXE Vulnerability
- CVE-1999-0757: The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
Platforms Affected:
- Macromedia ColdFusion
Reported:
May 24, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net