False positive on PCI scan?

G

GreybeardITGuy

Registered
Oct 25, 2019
4
0
1
Southern California
cPanel Access Level
Root Administrator
Hello,

I received a warning about weak ciphers on the mailserver ports (587, 465, 26, 25) with our PCI scan. I adjusted both dovecot and exim to use the hardened ciphers, but this morning I am still getting flagged for weak ciphers. I dug into the report and it's reporting the following ciphers as being present (see attachment):

AECDH-RC4-SHA
AECDH-DES-CBC3-SHA
AECDH-AES128-SHA
AECDH-AES256-SHA
RC4-MD5
RC4-SHA
AECDH-RC4-SHA

When I go into WHM and look at the cipher settings for dovecot and exim I do not see any of these ciphers listed.

Dovcot:

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

Exim:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

This smells like a false positive, but I don't want to assume anything in regarding to PCI. I made similar adjustments for webdisk, cpanel services, and apache but again, it's flagging the mailserver ports, not port 80 or 443.

What am I missing? TIA!
 

Attachments

cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 
cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Hello,

Great, thank you. I'm watching that ticket and I'll update here with the end result. There are too many variables in this situation for me to tell you specifically if it's a false positive or not, so a ticket was definitely the best way to go.


Thanks!
 
cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Hi @GreybeardITGuy

I'm really glad that you were able to get the issue resolved and that they were able to identify the issue. Thank you for following up here as well.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
B A LOT of MODSEC false positives since WHM upgrade? Rule #920280 ? Security 2
M ModSecurity false-positive with ConfigServer cXs ModSecurity rule Security 3
R ModSecurity False Positive WordPress - How can I temporarily whitelist specific for this website? Security 12
I ModSecurity issues false positive on WordPress Security 1
A CBL Blocking - False positive? Security 3
Similar threads
A LOT of MODSEC false positives since WHM upgrade? Rule #920280 ?
ModSecurity false-positive with ConfigServer cXs ModSecurity rule
ModSecurity False Positive WordPress - How can I temporarily whitelist specific for this website?
ModSecurity issues false positive on WordPress
CBL Blocking - False positive?
Top Bottom