PCI Scan is showing vulnerabilities

#1

I had a PCI scan performed by ControlScan. The scan showed two things:

  • Services discovered (ports 2052, 2053, 2082, 2083, 2086, 2087, 2096, 2097, 8080, 8443, 8880)
  • For all the services, the DES and 3DES ciphers contain a known vulnerability

The above two issues (mainly the second) are blocking my PCI certification. Any ideas how to disable DES/3DES?

Thanks,
Nick

0 Likes

#2

Which plan are you on?

0 Likes

#3

We’re on the Pro plan

0 Likes

#4

I hope those open ports aren’t a problem, as that’s what Cloudflare listens on for HTTP/S access:

For PCI compliance on the Pro plan, here are some instructions:

1 Like

#5

What is the OS of your server?

0 Likes

#6

If your server isn’t listening on those ports, you can tell your tester that and they’ll mark it off. For the 3DES question, it’s probably categorized/flagged around this (and the linked response is generally sufficient for testing organizations): https://support.cloudflare.com/hc/en-us/articles/231510928-Sweet32-CVE-2016-2183-and-Cloudflare

0 Likes

#7

This probably doesn’t change the answer as the scanner is only ever seeing Cloudflare.

0 Likes

#8

Thanks @sdayman, this info was great.

1 Like