SSLv3
1 Topic

ReadyNAS Weak Encryption PCI Compliance Fails TLS1.0 & SSLv3
We have two ReadyNAS 314 units that host FTPS connections available to the internet. How can we disable TLSv1.0 and SSLv3 as encryption algorithms? Even though absolutely no credit card data ever passes through these devices or is stored on them, simply having them responding on our network is enough to cause us to fail our PCI compliance scan every time.

TLSv1.0 Supported - Medium - 5.00 - Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. TLS v1.0 violates PCI DSS and is considered an automatic failing condition.

Insecure Certificate Signature Algorithm in Use, CVE-2004-2761 - Medium - 5.00 - Fail

SSL Certificate Public Key Too Small - Medium - 5.00 - Fail

SSLv3 Supported, CVE-2014-3566 - Medium - 5.00 - Fail
Note to scan customer: SSL v3.0 violates PCI DSS and is considered an automatic failing condition.

All of these conditions are being triggered by the ReadyNAS devices. Please tell me there is a way to get into the CLI and disable them? If not, we need a new firmware immediately. This is unacceptable.

4.4K Views, 1 like, 4 Comments