NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
We have two ReadyNas 314 units that host FTPS connections available to the internet. How can we disable TLSv1.0 and SSLv3 as encryption algorithms?
Even though absolutely no credit card data ever passes through these devices or is stored on them, simply having them responding on our network is enough to cause us to fail our PCI compliance scan every time.
TLSv1.0 Supported Medium 5.00 Fail Note to scan customer:
This vulnerability is not recognized in the National Vulnerability
Database. TLS v1.0 violates PCI DSS and is considered an automatic
failing condition.
Insecure Certificate Signature
Algorithm in Use, CVE-2004-
2761
Medium 5.00 Fail
SSL Certificate Public Key Too
Small
Medium 5.00 Fail
SSLv3 Supported, CVE-2014-
3566
Medium 5.00 Fail Note to scan customer:
SSL v3.0 violates PCI DSS and is considered an automatic failing
condition.
All of these conditions are being triggered by the ReadyNAS devices.
Please tell me there is a way to get into the CLI and disable them? If not, we need a new firmware immediately. This is unacceptable.
4 Replies
Replies have been turned off for this discussion
Sent you a PM
Hi,
Did you get this resolved?
Could you also provide what firmware version you were using during the testing?
What was the resolution of the failed compliance issue? I have the same problem with the FVS318V3 running V3.0_28.
Hello ray-sprong,
Welcome to the community!
Firmware version V3.0._28 is the fix for critical vulnerability issue (SSL/TLX Authentication GAP issue). If yours is not fixed, try a firmware reflash followed by a factory reset and see if it will resolve it.
Let us know.
thanks,
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
