ColdFusion must configure Lightweight Directory Access Protocol (LDAP) for Transport Layer Security (TLS).
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-279093 | SRG-APP-000439-AS-000155 | APAS-CF-000875 | SV-279093r1171053_rule | 2025-12-19 | 1 |
| Description |
|---|
| LDAP is commonly used for accessing and maintaining distributed directory information services. When LDAP authentication is performed without encryption, sensitive information such as usernames and passwords can be transmitted in clear text, making it vulnerable to interception and unauthorized access. By using TLS to secure LDAP authentication, the data transmitted between the client and the LDAP server is encrypted, ensuring the confidentiality and integrity of the authentication process. This practice helps protect against eavesdropping, man-in-the-middle attacks, and other security threats, thereby enhancing the overall security of the ColdFusion server and the applications it hosts. Regularly verifying and enforcing the use of TLS for LDAP authentication is essential for maintaining a secure server environment. |
| ℹ️ Check |
|---|
| Verify LDAP is configured for TLS. 1. From the Admin Console Landing Screen, navigate to Security >> Administrator. 2. Click "Edit LDAP Configuration". If "SSL/TLS" is not enabled, this is a finding. |
| ✔️ Fix |
|---|
| Configure LDAP for TLS. 1. From the Admin Console Landing Screen, navigate to Security >> Administrator. 2. Click "Edit LDAP Configuration". 3. Enable the "SSL/TLS" setting. 4. Select "Save". 5. Select "Submit Changes". |
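
The Description's point that an unencrypted LDAP bind exposes usernames and passwords, shown as an added example (not part of the STIG text or of ColdFusion): it decodes a constructed LDAPv3 simple BindRequest (RFC 4511) as it appears on the wire without TLS, and shows that a TLS record offers nothing to decode. The DN, password, sample bytes and helper names are assumptions made up for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets that follow
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one element and require a specific tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"tag {tag:#04x}, expected {want:#04x}")
    return value, nxt

def parse_simple_bind(packet):
    """Return (dn, password) from a simple BindRequest, or None for anything else."""
    try:
        msg, _ = expect(packet, 0, 0x30)   # LDAPMessage ::= SEQUENCE
        _, pos = expect(msg, 0, 0x02)      # messageID INTEGER
        op, _ = expect(msg, pos, 0x60)     # [APPLICATION 0] BindRequest
        _, pos = expect(op, 0, 0x02)       # version INTEGER
        dn, pos = expect(op, pos, 0x04)    # name: LDAPDN (OCTET STRING)
        secret, _ = expect(op, pos, 0x80)  # [0] simple password (SASL is 0xA3)
    except ValueError:
        return None
    return dn.decode("utf-8", "replace"), secret.decode("utf-8", "replace")

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for the sample."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

# Constructed samples (not captured traffic): a bind without TLS, then a TLS record.
SAMPLE_DN, SAMPLE_PW = "uid=cfadmin,ou=people,dc=example,dc=test", "Constructed-Passw0rd"
BIND_OP = tlv(0x02, b"\x03") + tlv(0x04, SAMPLE_DN.encode()) + tlv(0x80, SAMPLE_PW.encode())
CLEARTEXT_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, BIND_OP))
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF])

if __name__ == "__main__":
    print(parse_simple_bind(CLEARTEXT_BIND), parse_simple_bind(TLS_RECORD))
```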