ColdFusion must transmit only encrypted representations of passwords to the mail server.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279060 | SRG-APP-000172-AS-000120 | APAS-CF-000355 | SV-279060r1171535_rule | 2025-12-19 | 1 |
| Description |
|---|
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. ColdFusion may use username/password to connect to a mail server. When this authentication method is used, it is important that the credentials be protected when transmitted by being encrypted. While TLS encryption is the preferred method by DOD, SSL can be used when the mail server does not offer any other method of encryption. Satisfies: SRG-APP-000172-AS-000120, SRG-APP-000435-AS-000163, SRG-APP-000516-AS-000237 |
| ℹ️ Check |
|---|
| If the "mail" package is not installed, this is Not Applicable. Verify the Mail Service configuration. From the Admin Console Landing Screen, navigate to Server Settings >> Mail. If no mail server is configured, this requirement is not a finding. If a username and password are required for authentication and "Enable TLS connection to mail server" is unchecked and "Enable SSL socket connections to mail server" is unchecked, this is a finding. If "Spool mail messages for delivery to" is unchecked, this is a finding. If "Connection Timeout (in seconds)" is set to greater than 15 seconds, this is a finding. If "Log all mail messages sent by ColdFusion" is not checked, this is a finding. If the default and recommended setting of "Warning" is not selected for Error Log Severity, this is a finding. |
| ✔️ Fix |
|---|
| If the "mail" package is not installed, this is Not Applicable. Configure the Mail Service. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Mail. 2. Enable SSL/TLS: - If a username and password are required for authentication, check the "Enable SSL socket connections to mail server" setting. - Check the "Enable TLS connection to mail server" setting. 3. Mail Spool Settings: - Uncheck the "Spool mail messages for delivery to" setting. 4. Set the "Connection Timeout (in seconds)" setting to 15 seconds or fewer. 5. Mail Logging Settings: - Check the "Log all mail messages sent by ColdFusion" setting. - Select "Warning" for Error Log Severity. 6. Select "Submit Changes" to save the new settings. |
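The Check above can be scripted against the persisted settings rather than read off the Admin Console. The following is an added example, not part of the STIG text or of Adobe's own tooling; it assumes ColdFusion stores the mail settings as a WDDX packet in cfusion/lib/neo-mail.xml with variable names such as useTLS, useSSL, spoolEnable, timeout, mailsentloggingenable and errorLogSeverity (all of these are assumptions), and it runs on a constructed sample packet.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the WDDX layout assumed for cfusion/lib/neo-mail.xml.
# File name and variable names are assumptions, not taken from the STIG text.
SAMPLE_NEO_MAIL = """<wddxPacket version='1.0'><header/><data>
<struct type='coldfusion.server.ConfigMap'>
<var name='server'><string>smtp.example.test</string></var>
<var name='port'><number>25.0</number></var>
<var name='username'><string>cfmail</string></var>
<var name='password'><string>PLACEHOLDER-SECRET</string></var>
<var name='useSSL'><boolean value='false'/></var>
<var name='useTLS'><boolean value='false'/></var>
<var name='spoolEnable'><boolean value='true'/></var>
<var name='timeout'><number>60.0</number></var>
<var name='mailsentloggingenable'><boolean value='false'/></var>
<var name='errorLogSeverity'><string>warning</string></var>
</struct></data></wddxPacket>"""


def parse_neo_mail(xml_text):
    """Flatten the WDDX <var> entries into a dict of Python values."""
    settings = {}
    for var in ET.fromstring(xml_text).iter("var"):
        value = var[0]  # each <var> wraps exactly one typed value element
        if value.tag == "boolean":
            settings[var.get("name")] = value.get("value") == "true"
        elif value.tag == "number":
            settings[var.get("name")] = float(value.text)
        else:
            settings[var.get("name")] = value.text or ""
    return settings


def evaluate(settings, mail_package_installed=True):
    """Apply the APAS-CF-000355 check logic; an empty list means no finding."""
    if not mail_package_installed:
        return ["Not Applicable: mail package not installed"]
    if not settings.get("server"):
        return []  # no mail server configured: not a finding
    findings = []
    uses_credentials = bool(settings.get("username")) and bool(settings.get("password"))
    if uses_credentials and not (settings.get("useTLS") or settings.get("useSSL")):
        findings.append("credentials sent without TLS or SSL")
    if not settings.get("spoolEnable"):
        findings.append("mail spooling disabled")
    if settings.get("timeout", 0) > 15:
        findings.append("connection timeout exceeds 15 seconds")
    if not settings.get("mailsentloggingenable"):
        findings.append("mail message logging disabled")
    if str(settings.get("errorLogSeverity", "")).lower() != "warning":
        findings.append("error log severity is not Warning")
    return findings
```

Running `evaluate(parse_neo_mail(open("cfusion/lib/neo-mail.xml").read()))` on a real instance lists each failed condition; the sample packet above produces three findings (cleartext credentials, 60-second timeout, logging disabled).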