ColdFusion must limit concurrent sessions to the Administrator Console.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-279030	SRG-APP-000001-AS-000001	APAS-CF-000001	SV-279030r1171489_rule	2025-12-19	1

Description
The ColdFusion Administrator Console provides critical functionality for managing the ColdFusion application server. Allowing concurrent logins to the Administrator Console increases the risk of unauthorized access and account compromise. Disabling concurrent logins ensures that only one active session per user is allowed. This restriction provides a security benefit by alerting users to potential account compromise: If a user is unexpectedly logged out due to a new session being initiated, it may indicate unauthorized use of their credentials.

Description

The ColdFusion Administrator Console provides critical functionality for managing the ColdFusion application server. Allowing concurrent logins to the Administrator Console increases the risk of unauthorized access and account compromise. Disabling concurrent logins ensures that only one active session per user is allowed. This restriction provides a security benefit by alerting users to potential account compromise: If a user is unexpectedly logged out due to a new session being initiated, it may indicate unauthorized use of their credentials.

ℹ️ Check
Verify Concurrent Administrator Console Logins. 1. From the Admin Console Landing Screen, navigate to Security >> Administrator. 2. Locate the option labeled "Allow concurrent login sessions for Administrator Console". If this option is enabled (checked), this is a finding.

✔️ Fix
Configure Concurrent Administrator Console Logins. 1. From the Admin Console Landing Screen, navigate to Security >> Administrator. 2. Locate the option labeled "Allow concurrent login sessions for Administrator Console". 3. Disable (uncheck) the option. 4. Select "Submit Changes".