PCI Scan is showing vulnerabilities

I had a PCI scan performed by ControlScan. The scan showed two things:

  • Services discovered (ports 2052, 2053, 2082, 2083, 2086, 2087, 2096, 2097, 8080, 8443, 8880)
  • For all the services, the DES and 3DES ciphers contain a known vulnerability

The above two issues (mainly the second) are blocking my PCI certification. Any ideas how to disable DES/3DES?

Thanks,
Nick

Which plan are you on?

We’re on the Pro plan

I hope those open ports aren’t a problem, as that’s what Cloudflare listens on for HTTP/S access:
https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-

For PCI compliance on the Pro plan, here are some instructions:
https://support.cloudflare.com/hc/en-us/articles/205043158-PCI-compliance-and-Cloudflare-SSL

What is the OS of your server?

If your server isn’t listening on those ports, you can tell your tester that and they’ll mark it off. For the 3DES question, it’s probably categorized/flagged around this (and the linked response is generally sufficient for testing organizations): https://support.cloudflare.com/hc/en-us/articles/231510928-Sweet32-CVE-2016-2183-and-Cloudflare

This probably doesn’t change the answer as the scanner is only ever seeing Cloudflare.

Thanks @sdayman, this info was great.
