PCI Fails SSH weak hashing and key exchange

E

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
So one of my customers PCI scans is failing from Trustwave for these 2:

Weak SSH Hashing Algorithms
Weak SSH Key Exchange

None of my other Domains on that server are failing Controlscan PCI scans. The best part is the description "This vulnerability is not recognized by the national vulnerability database". I have tried disputing but they aren't budging.

How do I update the Hashing and Exchange Algo's ..... I messed with it a bit before posting here and all I did was kill ssh lol
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello Eric,

The following thread includes some examples of cipher and protocol settings utilized by another user for the purpose of passing Trustwave PCI compliance tests:

I need to disable TLS v1.0

Can you let me know if that helps? If not, could you ask Trustwave to provide more specific information about why the server is not passing?

Thank you.
 
E

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
I launched a new scan for that customer

Just got a fail from a different provider same server lol. Some of this stuff is just ridiculous now 2083,2087,2096 are considered LLL backdoors...... they really dont want us using CPANEL

upload_2018-8-1_15-58-24.png
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
ehask71 said:
Some of this stuff is just ridiculous now 2083,2087,2096 are considered LLL backdoors...... they really dont want us using CPANEL
Click to expand...
Hello,

Here's a thread that may help to address that specific report:

SOLVED - PCI Fails - Sweet32 on Ports 2083/2087

If not, can you ask the PCI provider for more specific details about why those ports are failing? It's possible it's a false positive.

Thank you.
 
E

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
Last edited by a moderator:
  • Like
Reactions: cPanelMichael
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
V PCI Scan - /webmail fails Security 7
V SOLVED PCI DSS scan fails OpenSSH Security 6
S cPanel / Comodo Service SSL Certificate Fails PCI Security 1
E SOLVED PCI Fails - Sweet32 on Ports 2083/2087 Security 2
S SOLVED PCI Scan Fails On Web Services Ports Security 22
Similar threads
PCI Scan - /webmail fails
SOLVED PCI DSS scan fails OpenSSH
cPanel / Comodo Service SSL Certificate Fails PCI
SOLVED PCI Fails - Sweet32 on Ports 2083/2087
SOLVED PCI Scan Fails On Web Services Ports
Top Bottom