CVE-2024-34113: ColdFusion | Weak Cryptography for Passwords (CWE-261)
First published: Thu Jun 13 2024(Updated: )
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =2021-update1 | |
| Adobe ColdFusion | =2021-update10 | |
| Adobe ColdFusion | =2021-update11 | |
| Adobe ColdFusion | =2021-update12 | |
| Adobe ColdFusion | =2021-update13 | |
| Adobe ColdFusion | =2021-update2 | |
| Adobe ColdFusion | =2021-update3 | |
| Adobe ColdFusion | =2021-update4 | |
| Adobe ColdFusion | =2021-update5 | |
| Adobe ColdFusion | =2021-update6 | |
| Adobe ColdFusion | =2021-update7 | |
| Adobe ColdFusion | =2021-update8 | |
| Adobe ColdFusion | =2021-update9 | |
| Adobe ColdFusion | =2023-update1 | |
| Adobe ColdFusion | =2023-update2 | |
| Adobe ColdFusion | =2023-update3 | |
| Adobe ColdFusion | =2023-update4 | |
| Adobe ColdFusion | =2023-update5 | |
| Adobe ColdFusion | =2023-update6 | |
| Adobe ColdFusion | =2023-update7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-34113?
CVE-2024-34113 is a medium severity vulnerability characterized by weak cryptography for passwords.
How do I fix CVE-2024-34113?
To mitigate CVE-2024-34113, update your Adobe ColdFusion to the latest version that addresses this vulnerability.
Which versions of ColdFusion are affected by CVE-2024-34113?
CVE-2024-34113 affects Adobe ColdFusion versions 2023u7, 2021u13, and earlier.
What impact does CVE-2024-34113 have on security?
CVE-2024-34113 may lead to a security feature bypass due to the use of weak cryptographic algorithms.
Is any additional configuration needed after updating for CVE-2024-34113?
After updating for CVE-2024-34113, review your password policies to ensure they're compliant with best practices for cryptography.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/2021-update1
- version/adobe coldfusion/2021-update10
- version/adobe coldfusion/2021-update11
- version/adobe coldfusion/2021-update12
- version/adobe coldfusion/2021-update13
- version/adobe coldfusion/2021-update2
- version/adobe coldfusion/2021-update3
- version/adobe coldfusion/2021-update4
- version/adobe coldfusion/2021-update5
- version/adobe coldfusion/2021-update6
- version/adobe coldfusion/2021-update7
- version/adobe coldfusion/2021-update8
- version/adobe coldfusion/2021-update9
- version/adobe coldfusion/2023-update1
- version/adobe coldfusion/2023-update2
- version/adobe coldfusion/2023-update3
- version/adobe coldfusion/2023-update4
- version/adobe coldfusion/2023-update5
- version/adobe coldfusion/2023-update6
- version/adobe coldfusion/2023-update7