PCI scan failed: ROBOT information disclosure


#1

Hi,

I am using SecurityMetrics vulnerability scan for PCI compliance and it started failing for possible_wls “Return Of Bleichenbacher’s Oracle Threat (ROBOT) Information Disclosure” for all the CloudFlare ports (2083, 2087, 443, 2096, 8443, 2053).
I am using CloudFlare SSL certificates for my site.

How can I resolve it?

Thanks.


#2

You can require TLS 1.2 on all your zones. You may also want to review all your zones and ensure the firewall is enabled.


#3

I changed “Minimum TLS Version” under Crypto to 1.2 and it didn’t resolve it.


#4

With our move to BoringSSL we switched to RSA-PSS from PKCS#1 v1.5.

So I think the tool is reporting a false positive.
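ROBOT depends on the server accepting a static RSA key exchange (the TLS_RSA_* suites, where the client encrypts the premaster secret to the server's RSA key under PKCS#1 v1.5 padding); TLS 1.2 still permits that exchange, so a minimum-version setting alone does not remove the precondition, while (EC)DHE suites use the RSA key only for signatures. The following is an added Python example, not code from this thread or from Cloudflare: it flags static-RSA suites in a constructed list, and `server_accepts_rsa_key_exchange` (hostname and port are the caller's) offers only such suites to a server over TLS 1.2 to see whether the handshake completes.

```python
import socket
import ssl
from typing import List

# Constructed sample: suites a TLS 1.2 server might advertise. The
# TLS_RSA_* entries negotiate static RSA key exchange (PKCS#1 v1.5
# encryption of the premaster secret), which is what ROBOT probes. The
# (EC)DHE entries only use the RSA key for signing; the TLS 1.3 entry has
# no RSA key exchange at all.
SAMPLE_OFFERED_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
]


def uses_rsa_key_exchange(iana_name: str) -> bool:
    """True if an IANA cipher-suite name negotiates static RSA key exchange."""
    return iana_name.startswith(("TLS_RSA_", "SSL_RSA_"))


def robot_exposed_suites(offered: List[str]) -> List[str]:
    """Suites that keep the ROBOT precondition even when TLS 1.2 is enforced."""
    return [suite for suite in offered if uses_rsa_key_exchange(suite)]


def server_accepts_rsa_key_exchange(host: str, port: int = 443,
                                    timeout: float = 5.0) -> bool:
    """Offer only static-RSA suites at TLS 1.2 and report whether the server
    completes the handshake. Needs network access to the given host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False      # key exchange is under test, not the chain
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("kRSA")         # OpenSSL keyword: static RSA key exchange only
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True     # server still negotiates RSA key exchange
    except ssl.SSLError:
        return False            # server refused every static-RSA suite


if __name__ == "__main__":
    print("still exposed at TLS 1.2:", robot_exposed_suites(SAMPLE_OFFERED_SUITES))
```

A server that returns False from `server_accepts_rsa_key_exchange` on every port the scanner lists has no static RSA key exchange for ROBOT to exercise; a scanner that still flags it is reporting on something other than the handshake itself.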

