PCI scan failed: ROBOT information disclosure


I am using SecurityMetrics vulnerability scan for PCI compliance and it started failing for possible_wls “Return Of Bleichenbacher’s Oracle Threat (ROBOT) Information Disclosure” for all the Cloudflare ports (2083, 2087, 443, 2096, 8443, 2053).
I am using Cloudflare SSL certificates for my site.

How can I resolve it?


You can require TLS 1.2 on all your zones. You may also want to review all your zones and ensure the firewall is enabled.

I changed “Minimum TLS Version” under SSL/TLS to 1.2 and it didn’t resolve it.

With our move to BoringSSL, we switched to RSA-PSS from PKCS#1 v1.5.

So I think the tool is reporting a false positive.
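ROBOT depends on the server still accepting a cipher suite with static RSA key exchange (the client secret is RSA-encrypted with PKCS#1 v1.5 padding), so a practical way to judge whether the scanner's finding is a false positive is to check whether each of the reported ports negotiates such a suite at all. The script below is an added example, not from the thread or from Cloudflare; the hostname is a placeholder, and the classifier accepts both IANA and OpenSSL suite names.

```python
import socket
import ssl

# Ports listed in the scan report from the thread
CLOUDFLARE_PORTS = (443, 2053, 2083, 2087, 2096, 8443)

# OpenSSL-style names whose first token is a cipher (no ECDHE-/DHE-/PSK- prefix)
# denote static RSA key exchange, e.g. AES128-GCM-SHA256 == TLS_RSA_WITH_AES_128_GCM_SHA256
_OPENSSL_STATIC_RSA_FIRST_TOKENS = {
    "AES128", "AES256", "CAMELLIA128", "CAMELLIA256", "ARIA128", "ARIA256",
    "SEED", "RC4", "DES", "IDEA", "NULL",
}

def is_static_rsa_suite(name):
    """True if the cipher suite uses static RSA key exchange, the only key
    exchange ROBOT can target. ECDHE-RSA / DHE-RSA suites use RSA for
    signatures only and TLS 1.3 suites have no RSA key exchange at all."""
    n = name.upper()
    if n.startswith("TLS_RSA_WITH_"):           # IANA form
        return True
    if n.startswith("TLS_") or "-" not in n:     # other IANA forms, TLS 1.3 names
        return False
    return n.split("-")[0] in _OPENSSL_STATIC_RSA_FIRST_TOKENS

def accepts_static_rsa(host, port, timeout=5.0):
    """Offer only static-RSA suites over TLS <= 1.2 and report the suite the
    server negotiated, or None if it refuses (no ROBOT exposure possible)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                   # only the key exchange matters here
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 removed RSA key exchange
    ctx.set_ciphers("kRSA")                      # OpenSSL alias: RSA key exchange suites
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None

def audit(host, ports=CLOUDFLARE_PORTS):
    """Map each port to the static-RSA suite accepted there, or None."""
    return {port: accepts_static_rsa(host, port) for port in ports}

if __name__ == "__main__":
    host = "example.invalid"  # placeholder: the zone hostname from the scan report
    for port, suite in audit(host).items():
        verdict = f"static RSA key exchange accepted ({suite})" if suite else "no static-RSA suite accepted"
        print(f"{host}:{port}: {verdict}")
```

A port where every static-RSA offer is refused cannot be attacked with ROBOT regardless of what the scanner flagged, which is the evidence to attach when disputing the finding.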

