ColdFusion must limit concurrent sessions to the Administrator Console.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-279030 | SRG-APP-000001-AS-000001 | APAS-CF-000001 | SV-279030r1171489_rule | 2025-12-19 | 1 |
Description
The ColdFusion Administrator Console provides critical functionality for managing the ColdFusion application server. Allowing concurrent logins to the Administrator Console increases the risk of unauthorized access and account compromise. Disabling concurrent logins ensures that only one active session per user is allowed. This restriction provides a security benefit by alerting users to potential account compromise: If a user is unexpectedly logged out due to a new session being initiated, it may indicate unauthorized use of their credentials.
ℹ️ Check
Verify Concurrent Administrator Console Logins.
1. From the Admin Console Landing Screen, navigate to Security >> Administrator.
2. Locate the option labeled "Allow concurrent login sessions for Administrator Console".
If this option is enabled (checked), this is a finding.
✔️ Fix
Configure Concurrent Administrator Console Logins.
1. From the Admin Console Landing Screen, navigate to Security >> Administrator.
2. Locate the option labeled "Allow concurrent login sessions for Administrator Console".
3. Disable (uncheck) the option.
4. Select "Submit Changes".