The Community Forums


Need help to pass pci scan

Discussion in 'Security' started by tegralens, Apr 5, 2010.

  1. tegralens

    tegralens Member

    Joined:
    Feb 12, 2010
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I need help with this to pass PCI. I am running cPanel 11.25.0-C44560. I have already done a cPanel update but don't know what else to do. I also looked in the forums about changing the SSLCipherSuite; this is what I have right now: ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    I don't know what else to do, please help.

    Miscellaneous - Nessus - 142873 - TCP 2078 - Risk 3
    SSL Medium Strength Cipher Suites Supported
    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
    Solution:
    Reconfigure the affected application if possible to avoid use of medium strength ciphers.
    Information from Target:
    Here are the medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
    DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
    SSLv3
    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
    TLSv1
    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Miscellaneous - Nessus - 126928 - TCP 2078 - Risk 3
    SSL Weak Cipher Suites Supported
    The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
    Solution:
    Reconfigure the affected application if possible to avoid use of weak ciphers.
    Information from Target:
    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)
    SSLv2
    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    The fields above are :

    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}


    Service Detection - Nessus - 120007 - TCP 2078 - Risk 3
    SSL Version 2 (v2) Protocol Detection
    The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
    Solution:
    Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.
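    Added example (not from this thread, cPanel or Nessus): a small parser for the cipher lines Nessus prints under "Information from Target", applying the key-length thresholds quoted in the findings and deriving the OpenSSL cipher-string tokens that would remove each flagged suite, so a re-scan or an `openssl ciphers -v` listing can be checked the same way. It assumes the service uses OpenSSL-style cipher strings; note that TCP 2078 in cPanel is normally the WebDisk daemon (cpdavd), not Apache, so the Apache SSLCipherSuite line does not govern it.

```python
import re
from typing import NamedTuple

# Constructed sample: the cipher lines quoted from the Nessus findings above.
NESSUS_OUTPUT = """\
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
SSLv3
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""

CIPHER_RE = re.compile(
    r"^(?P<name>\S+)\s+Kx=\S+\s+Au=\S+\s+Enc=(?P<enc>[A-Za-z0-9]+)"
    r"\((?P<bits>\d+)\)\s+Mac=\S+(?P<export>\s+export)?$"
)

Cipher = NamedTuple("Cipher", [("protocol", str), ("name", str), ("enc", str),
                               ("bits", int), ("export", bool)])

def strength(bits: int) -> str:
    # Thresholds as the Nessus text states them: < 56 weak, 56..111 medium.
    return "weak" if bits < 56 else "medium" if bits < 112 else "ok"

def parse_nessus(text: str) -> list[Cipher]:
    """A bare protocol line applies to every cipher line that follows it."""
    ciphers, protocol = [], "unknown"
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"SSLv2|SSLv3|TLSv1(\.\d)?", line):
            protocol = line
        elif (m := CIPHER_RE.match(line)):
            ciphers.append(Cipher(protocol, m["name"], m["enc"], int(m["bits"]), bool(m["export"])))
    return ciphers

def needed_exclusions(ciphers: list[Cipher]) -> list[str]:
    """OpenSSL cipher-string tokens that remove every flagged suite. '!' deletes
    permanently; '-' (as in the poster's string) only removes until a later token adds it back."""
    tokens = set()
    for c in ciphers:
        if c.protocol == "SSLv2":
            tokens.add("!SSLv2")
        if c.export:
            tokens.add("!EXPORT")
        elif strength(c.bits) != "ok":
            tokens.add("!" + c.enc)  # e.g. single DES -> "!DES"
    return sorted(tokens)
```

Disabling the SSLv2 protocol itself still has to be done in the daemon's protocol setting; the `!SSLv2` token only drops the SSLv2-specific suites from the cipher list.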
     