Coldbox Version - v3.6.0+00647 (downloaded from CommandBox)
Java Version - 1.8.0_101
I am not sure how the URL in my application will be any use, but, here it is: http://127.0.0.1:8080/security/processLogin
I added a dump inside app.cfc and I received the same error message - with no dump output.
Here is what was in the console when I submit the form starting with --debug --console
2017-07-11 22:02:16 DEBUG io.undertow.request Matched default handler path /security/processLogin
2017-07-11 22:02:16 DEBUG io.undertow.request.security Attempting to authenticate HttpServerExchange{ POST /security/processLogin request {Accept=[text/html,applicati
on/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8], Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br],
DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537
.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[application/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE_ADMIN_LANG=e
n; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource], Referer=[http
://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:8080]} response {}}, authentication required: false
2017-07-11 22:02:16 DEBUG io.undertow.request.security Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechan
ism@1ca29 for HttpServerExchange{ POST /security/processLogin request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8],
Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (W
indows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[ap
plication/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE_ADMIN_LANG=en; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=
gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource], Referer=[http://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:
8080]} response {}}
2017-07-11 22:02:16 DEBUG io.undertow.request.security Authentication result was ATTEMPTED for HttpServerExchange{ POST /security/processLogin request {Accept=[text/h
tml,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8], Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip,
deflate, br], DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.1
15 Safari/537.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[application/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE
_ADMIN_LANG=en; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource],
Referer=[http://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:8080]} response {}}
NOTIN