PCI scan failed: ROBOT information disclosure

I am using SecurityMetrics vulnerability scan for PCI compliance and it started failing for possible_wls “Return Of Bleichenbacher’s Oracle Threat (ROBOT) Information Disclosure” for all the CloudFlare ports (2083, 2087, 443, 2096, 8443, 2053).
I am using CloudFlare SSL certificates for my site.

How can I resolve it?


PCIDSS scan failed: ROBOT information disclosure

You can require TLS 1.2 on all your zones. You may also want to review all your zones and ensure the firewall is enabled.
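An added check, not part of this thread, for what a ROBOT finding actually concerns: whether a port still negotiates a static-RSA key-exchange suite (PKCS#1 v1.5 key transport), which TLS 1.2 still permits and only TLS 1.3 removes. The Python below offers a server only such suites and reports what it accepts; `HOST` is a placeholder for your own zone, and the ports are the ones named in the scan.

```python
import socket
import ssl

# Suites whose key exchange is static RSA key transport (the premaster secret is
# encrypted with PKCS#1 v1.5). That is the surface a ROBOT-style padding oracle needs;
# forward-secret ECDHE/DHE suites do not use it, and TLS 1.3 dropped RSA key exchange.
RSA_KX = "kx-rsa"


def rsa_key_exchange_suites(ciphers):
    """Names of the suites in an ssl.SSLContext.get_ciphers()-style list that use static
    RSA key exchange. Note that raising the minimum TLS version to 1.2 does not remove
    them: TLS 1.2 still defines AES128-GCM-SHA256 and friends with RSA key transport."""
    return [c["name"] for c in ciphers if c.get("kea") == RSA_KX]


def krsa_client_context():
    """Client context that offers *only* static-RSA suites, pinned to TLS 1.2.
    A handshake succeeding with it means the server still negotiates RSA key transport."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # we are inspecting negotiation, not validating identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 has no RSA key exchange at all
    ctx.set_ciphers("kRSA")           # OpenSSL alias: all suites with RSA key exchange
    return ctx


def negotiates_rsa_key_exchange(host, port, timeout=5.0):
    """Handshake with host:port offering only static-RSA suites.
    Returns the negotiated suite name, or None if the server refused them all."""
    ctx = krsa_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None


if __name__ == "__main__":
    # Ports from the scan report in the thread; HOST is a placeholder for your own zone.
    HOST = "example.invalid"
    for port in (443, 2053, 2083, 2087, 2096, 8443):
        print(port, negotiates_rsa_key_exchange(HOST, port) or "no RSA key exchange")
```

A port that returns a suite name here still accepts RSA key transport regardless of the minimum-version setting; a port that returns None for every probe has removed that surface.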


I changed “Minimum TLS Version” under Crypto to 1.2 and it didn’t resolve it.


With our move to BoringSSL we switched to RSA-PSS from PKCS#1 v1.5.

So I think the tool is reporting a false positive.
