Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PCI compliance test passes on port 443, but fails on ports 2087, 2083, 2096 and 2078

Discussion in 'Security' started by MacPhotoBiker, Apr 28, 2014.

  1. MacPhotoBiker

    MacPhotoBiker Registered

    Joined:
    Apr 28, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi,

    I'm trying to get my server PCI compliant, and I'm using this scanner:

    Check PCI DSS compliance - Online free pci dss compliance checker

    Port 443 passes the test just fine:
    "SSlv2 disabled. SSL Server won't allow Anonymous Authentication Vulnerability."

    However, on ports 2087, 2083, 2096 and 2078 I receive the following error message:

    SSL Server Allows Anonymous Authentication Vulnerability. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm. An attacker can exploit this vulnerability to impersonate your server to clients.Please disable support for anonymous authentication.

    Could you help me out to solve these issues?

    Thanks a lot!
     
    #1 MacPhotoBiker, Apr 28, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,183
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Are you able to use an alternate PCI scan that lists specific reasons for test failures? For instance, I do not see any references to specific CVE reports or specific attack vectors. Here is a third-party URL to an alternate PCI scan that describes how to manually check if anonymous authentication is possible:

    https://community.qualys.com/docs/DOC-1097

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Apr 29, 2014
  3. MacPhotoBiker

    MacPhotoBiker Registered

    Joined:
    Apr 28, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi Michael,

    thanks for pointing out that I should rather a different scanner :)

    I just did, and I received the following two vulnerabilities:

    1) rsh Service Detection rsh (8889/tcp)
    CVE-1999-0651

    2)OpenSSH < 5.7 Multiple Vulnerabilities ssh (2516/tcp)
    CVE-2010-4478, CVE-2012-0814

    I'm running a VPS on Centos 6.5.

    Couldyou guide me in the right direction to solve these issues?

    Thanks a lot!
     
    #3 MacPhotoBiker, Apr 29, 2014
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,183
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    It's likely reporting false positives based on the version number in cases where patches have been backported, or in cases where it does not effect the version shipped with your OS. RSH is not a standard package so you could remove it using your system package manager (YUM) if you have no specific requirement for it. CentOS 6 should not be effected by the OpenSSH CVE reports referenced:

    https://access.redhat.com/security/cve/CVE-2012-0814
    https://access.redhat.com/security/cve/CVE-2010-4478

    In both cases it states:

    Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, May 2, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - compliance test passes
  1. bridgeway04

    PCI Compliance Apache Global Setting

    bridgeway04, Oct 3, 2018, in forum: Security
    Replies:
    2
    Views:
    158
    cPanelLauren
    Oct 5, 2018
  2. WebJIVE

    PCI Compliance Automation

    WebJIVE, Jun 22, 2018, in forum: Security
    Replies:
    6
    Views:
    275
    rpvw
    Jun 22, 2018
  3. GregWilliamBryant

    Trustwave failing PCI compliance SSL/TLS Weak Encryption Algorithms on Port 443

    GregWilliamBryant, May 10, 2018, in forum: Security
    Replies:
    2
    Views:
    547
    rulerofzu
    May 14, 2018
  4. dstana

    PCI Compliance

    dstana, Apr 25, 2018, in forum: Security
    Replies:
    4
    Views:
    272
    cPanelMichael
    Apr 27, 2018
  5. ehask71

    PCI compliance is getting ridiculous

    ehask71, Feb 22, 2018, in forum: Security
    Replies:
    7
    Views:
    1,145
    sparek-3
    Apr 11, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice