www.tacti

More documents

Recommendations

Info

Security Warning found on port/service "443 / tcp / www" Status Plugin Automatic Failure as listed by the PCI SSC (This must be resolved for your device to be compliant) "SSL Version 2 (v2) Protocol Detection" Category "Service detection " Priority "Medium Priority Synopsis The remote service encrypts traffic using a protocol with known weaknesses. Description The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'. See also: http://www.schneier.com/paper-ssl.pdf http://support.microsoft.com/kb/187498 http://www.nessus.org/u?247c4540 https://www.openssl.org/~bodo/ssl-poodle.pdf http://www.nessus.org/u?5d15ba70 https://www.imperialviolet.org/2014/10/14/poodle.html https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 Risk factor MEDIUM / CVSS BASE SCORE :5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N Plugin output - SSLv3 is enabled and the server supports at least one cipher.
Solution Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.1 (with approved cipher suites) or higher instead.
Page 1 and 2: Scan Summary Customer company name
Page 3 and 4: 1 0291408&CNumber=&CardPrice=&Clubt
Page 5: framemode=&ItemID=&FromRec=&FF=&Dat
Page 9 and 10: Solution Consult the application's
Page 12: Security Warning found on port/serv
Page 15 and 16: Kx={key exchange} Au={authenticatio
Page 17 and 18: Security Warning found on port/serv
Page 27 and 28: certificate authority : |-Subject :
Page 29 and 30: |-Subject : C=US/ST=Virginia/L=Hern
Page 31 and 32: |-Subject : C=US/ST=Virginia/L=Hern
Page 33 and 34: DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-C
Page 35 and 36: Security Notes found on port/servic
Page 37 and 38: Content-Type: text/html; charset=ut
Page 39 and 40: X-Permitted-Cross-Domain-Policies:
Page 41 and 42: Key Length: 2048 bits Public Key: 0
Page 43 and 44: Extension: Authority Information Ac
Page 47 and 48: D0 91 64 EC E2 0B 0B 3D B6 90 98 2A
Page 49 and 50: Version: 1 Signature Algorithm: SHA
Page 57 and 58:
Security Notes found on port/servic
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
ECDHE-RSA-AES256-SHA384 Kx=ECDHE Au
Page 89 and 90:
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=C
Page 91 and 92:
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA
Page 93 and 94:
Page 95 and 96:
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES
Page 97 and 98:
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc
Page 99 and 100:
Page 101 and 102:
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc
Page 103 and 104:
High Strength Ciphers (>= 112-bit k
Page 105 and 106:
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES
Page 107 and 108:
Page 109 and 110:
- https://www.takti.co.il/demo/inde
Page 111 and 112:
- http://www.takti.co.il/demo/index
Page 113 and 114:
Page 115 and 116:
Signature Length: 256 bytes / 2048
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
SSL/TLS version : TLSv1.0 Cipher su
Page 123 and 124:
Diffie-Hellman MODP size (bits) : 1
Page 125 and 126:
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=
Page 127 and 128:
administration /administrator /admi
Page 129 and 130:
webalizer Based on tests of each me
Page 131 and 132:
Page 133 and 134:
cgi-bin /mailman
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Name : PHPSESSID Path : / Value : 4
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
State/Province: Virginia Locality:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
lind SQL injection (4 requests) : S
Page 175 and 176:
directory traversal (write access)
Page 177 and 178:
show all

www.tacti

Create successful ePaper yourself

Delete template?

Save as template?