Paul Alkema

Discussions on Web Development and Security

Reset ColdFusion Administrator Password

April 19, 2010

Sorry hackers, this is not a tutorial on how to hack into a ColdFusion administrator that isn't yours. In order to do this, you need access to the ColdFusion server files. Now if you have access to those and you're a hacker, well, I think the server's administrator has more to worry about than you just changing the ColdFusion administrator password.

Warning!! Once the password has been changed, there's no changing it back to what the previous password was, so make sure you have permission to do this before doing it.

Now that I've warned you, here's how you do it!

  1. Locate neo-security.xml. This file should be located in your lib folder,
    e.g. C:/coldfusion8/lib/neo-security.xml
  2. Open the file and locate:
            <var name="admin.security.enabled">
                <boolean value="true" />
            </var>
        
  3. Change from boolean value="true" to boolean value="false".
  4. Save the file and exit.
  5. Restart the ColdFusion services.
  6. Go to the ColdFusion administrator. It should be unlocked.
  7. Expand "security", select "CF Admin Password".
  8. Check the check box for "Use a ColdFusion Administration password". This will enable the password requirement.
  9. Enter new password twice and hit "Submit Changes".
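
Between steps 5 and 9 the administrator accepts anyone without a password, so it is worth confirming afterwards that the flag from step 2 is switched back on. The Python check below is an added example, not part of the original post; the sample XML is constructed around the snippet from step 2 (the WDDX wrapper is an assumption), and it assumes that re-enabling the password in step 8 writes the flag back as true.

```python
import sys
import xml.etree.ElementTree as ET

FLAG = "admin.security.enabled"  # setting name shown in step 2

# Constructed sample: a minimal fragment built around the <var> element from
# step 2 (wrapper elements are assumed); a real file holds many more settings.
SAMPLE_UNLOCKED = """<wddxPacket version="1.0"><header/><data>
  <struct type="coldfusion.server.ConfigMap">
    <var name="admin.security.enabled"><boolean value="false" /></var>
  </struct>
</data></wddxPacket>"""


def admin_auth_states(xml_text):
    """Return the boolean value of every admin.security.enabled entry."""
    root = ET.fromstring(xml_text)
    states = []
    for var in root.iter("var"):
        if var.get("name") != FLAG:
            continue
        node = var.find("boolean")
        # A <var> with no <boolean> child is recorded as None (malformed).
        states.append(None if node is None else node.get("value", "").strip().lower())
    return states


def audit(xml_text):
    """Classify the file: 'locked', 'unlocked', 'missing' or 'malformed'."""
    try:
        states = admin_auth_states(xml_text)
    except ET.ParseError:
        return "malformed"
    if not states:
        return "missing"
    if any(s not in ("true", "false") for s in states):
        return "malformed"
    # Any entry set to false is reported as unlocked, the unsafe reading.
    return "unlocked" if "false" in states else "locked"


if __name__ == "__main__":
    # Usage: python audit_cfadmin.py C:/coldfusion8/lib/neo-security.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # bytes: let the parser pick the encoding
            text = fh.read()
    else:
        text = SAMPLE_UNLOCKED
    result = audit(text)
    print(f"{FLAG}: {result}")
    sys.exit(0 if result == "locked" else 1)
```

The non-zero exit code for anything other than "locked" lets the check run from a scheduled job or monitoring agent and alert if the file is ever left, or set, in the unlocked state.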

Tags: ColdFusion