Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: The Adobe Breach FAQ - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The Adobe Breach FAQ

You have probably seen now the stories about Adobe being breached, customer data being exposed and source code leaked. Excellent work by Brian Krebs in uncovering these breach and he has a great write-up about this here:

But what does this mean for you? Does this affect you as an Adobe customer? Here are a couple of questions that keep coming up.

1 - How did they get in?

It appears a vulnerability in Coldfusion was used to breach an Adobe site used for payment processing. The group that breached Adobe appearantly used Coldfusion exploits as one of their favorite tools to breach sites. Again, see Brian's excellent work above for more details.

2 - I am a Coldfusion user. Should I worry?


3 - How do I protect myself as a Coldfusion user?

Make sure you are patched. Coldfusion had some significant vulnerabilities that were patched a few months ago (in particular the patches released around May). If you haven't patched those problems yet, then you should probably call this an "incident". But then again, Incident Response is so much more exciting then operations.

4 - Should I chang hosting platforms from Coldfusion to something else?

Probably not. It is a ton of work to switch platforms. This time and effort is better spent shoring up your existing infrastructure. What controls do you have in place to detect a breach? How many Coldfusion servers do you have? How are they patched? Do you store confidential information on those servers that you don't really need on those servers?

5 - Do I need to change my passwords?

No. Adobe already changed your password on Adobe's site. If you are still using the same password on multiple sites: You are doing it wrong. Changing your password will help you as little as changing underwear if you don't clean it between uses.

6 - Do Ineed to worry about my credit card if I used it with Adobe?

You should always worry about your credit card. But for the most part, this is your bank's problem. Relax, watch your statements, get a new card if you see odd charges or if your bank notifies you. You used a Debit Card online? Brave! You probably also don't like seatbelts and eat supermarket puffer fish sushi.



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4511 Posts
ISC Handler
Oct 4th 2013
I would expect more than normal 0-days to appear for these products over the next few days and weeks. I expect hardening is in order. I found this guide for Acrobat--are there other good ones out there?

88 Posts

Adobe also released a PDF detailing lockdown instructions for ColdFusion 10. The PDF is called ColdFusion 10 Lockdown Guide. It can be found here :
1 Posts
Quoting Anonymous:

Ha! A potentially malformed URL leading to a PDF in a thread about possible PDF vulnerabilities. Who's going to be first to copy-paste that link? ;)
2 Posts
URL: 0/38 in VirusTotal

MD5: 4cca077f18e1cadc5a59c8d3af5d09d1
Document 0/49 in VirusTotal
Here is another resource:

Sign Up for Free or Log In to start participating in the conversation!