Cold Fusion Inadequately Protects Secure Forums
Reported April 3, 2000 by Allaire
Allaire has recently been notified of a security issue in the Allaire Forums 2.0.5 software. The issue allows users to view and post to secure conference threads via unsecured conferences and/or through email. It lies in certain unscoped variables and in the base coding schema of Forums itself. The flaw spans multiple files (files are listed below) and involves a variable called "rightAccessAllForums." This variable was not scoped properly inside the Forums code, allowing users not only to post to and view conferences of which they are not a part, but also to sign up to Forums conferences which have not yet been created.
Allaire has released new templates for Allaire Forums that should close this vulnerability. The new templates correct the coding problem by explicitly hard-coding two values, "rightAccessAllForums" and "rightModerateAllForums", to "False" in Application.cfm; those values are then referenced for authentication in the rest of the files. These modifications also force Client.Forums_AccessAllowed to contain a list of all accessible forums.
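The pattern the fix describes, sketched in CFML as an added example; this is not the Allaire Forums templates or Allaire's own code. The application name, the checkAccess.cfm include, Variables.requestedForumID and Variables.accessGranted are hypothetical, and populating Client.Forums_AccessAllowed at login is assumed and not shown.

```cfml
<!--- Application.cfm (runs before every page request).
      Added illustration; not the Allaire Forums templates themselves. --->
<cfapplication name="ForumsExample" clientmanagement="Yes">

<!--- Hard-code both rights to False in an explicit scope, as the advisory
      describes, so every later read finds a value the application set. --->
<cfset Variables.rightAccessAllForums   = False>
<cfset Variables.rightModerateAllForums = False>

<!--- Make sure the per-user list of accessible forums always exists.
      Filling it at login is assumed and not shown here. --->
<cfparam name="Client.Forums_AccessAllowed" default="">


<!--- checkAccess.cfm (hypothetical include used by each thread/post page) --->

<!--- BEFORE: unscoped read. ColdFusion resolves an unscoped name by
      searching several scopes in turn, so the value read may not be
      the one the application set.
<cfif rightAccessAllForums> ... allow ... </cfif>
--->

<!--- AFTER: scoped reads only, with access decided from the explicit list.
      Variables.requestedForumID is a hypothetical, already validated
      numeric id of the conference being viewed or posted to. --->
<cfset Variables.accessGranted = False>
<cfif Variables.rightAccessAllForums IS True>
    <cfset Variables.accessGranted = True>
<cfelseif ListFind(Client.Forums_AccessAllowed, Variables.requestedForumID) GT 0>
    <cfset Variables.accessGranted = True>
</cfif>

<cfif NOT Variables.accessGranted>
    <!--- Deny by default: stop before any thread content is rendered. --->
    <cfoutput>Access to this conference is not permitted.</cfoutput>
    <cfabort>
</cfif>
```

With both rights fixed to False, the list lookup against Client.Forums_AccessAllowed is the only branch that can grant access, and a conference id that is not in the list is refused.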
Reported by Allaire