
Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

whip313
Initiate

ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

We have two ReadyNAS 314 units that host FTPS connections available to the internet. How can we disable TLSv1.0 and SSLv3 as encryption algorithms?

 

Even though absolutely no credit card data ever passes through these devices or is stored on them, simply having them responding on our network is enough to cause us to fail our PCI compliance scan every time.

 

TLSv1.0 Supported Medium 5.00 Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. TLS v1.0 violates PCI DSS and is considered an automatic failing condition.

Insecure Certificate Signature Algorithm in Use, CVE-2004-2761 Medium 5.00 Fail

SSL Certificate Public Key Too Small Medium 5.00 Fail

SSLv3 Supported, CVE-2014-3566 Medium 5.00 Fail
Note to scan customer: SSL v3.0 violates PCI DSS and is considered an automatic failing condition.

 

All of these conditions are being triggered by the ReadyNAS devices.

 

Please tell me there is a way to get into the CLI and disable them? If not, we need a new firmware immediately. This is unacceptable.

Message 1 of 5
Danthem
NETGEAR Employee

Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

Sent you a PM

Message 2 of 5
ReadySECURE
Apprentice

Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

Hi,

Did you get this resolved?

Could you also provide what firmware version you were using during the testing?

Message 3 of 5
ray-sprong
Aspirant

Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

What was the resolution of the failed compliance issue? I have the same problem with the FVS318V3 running V3.0_28.

Model: FVS318v3|Cable/DSL ProSafe VPN Firewall with 8-port switch
Message 4 of 5
JohnRo
NETGEAR Employee Retired

Re: ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3

Hello ray-sprong, 

 

Welcome to the community! 

 

Firmware version V3.0._28 is the fix for critical vulnerability issue (SSL/TLS Authentication GAP issue). If yours is not fixed, try a firmware reflash followed by a factory reset and see if it will resolve it.

 

Let us know. 

 

thanks, 

Message 5 of 5