The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TrustWave (PCI) scan fail. Insecure WebDAV Auth.

Discussion in 'Security' started by rezman, Jan 4, 2012.

  1. rezman

    rezman Well-Known Member

    Joined:
    Feb 3, 2011
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    A client's PCI scan keeps failing before WebDAV is accepting login/passwords over a non-secure port (2077). I disputed this with TrustWave as part of Cpanel WebDAV. They denied the dispute even though it has nothing do to with the SSL secure stuff on the website.

    So my question is how do I disable WebDAV port 2077 so their scans stop failing. I could just block this at the firewall but to me this seems like a band-aid. I would think MANY people would have this problem seeing as this is a default setting and enabled in Cpanel. I don't want to turn off WebDAV all together.

    The cPanel Web Disk Configuration is pretty limited. All it allows is the changing of the 'TLS/SSL Cipher List'. Mine is currently the default. "ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  3. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    After blocking port 2077 I was able to pass my Trustwave PCI scan.
     
Loading...

Share This Page