TLS 1.1 版通訊協定偵測 (PCI DSS)
high Nessus Plugin ID 139414
語系:
概要
The remote service encrypts traffic using a protocol with known weaknesses.說明
遠端服務接受使用 TLS 1.1 加密的連線。此版本的 TLS 受到多個密碼編譯瑕疵影響。攻擊者可惡意利用這些瑕疵,進行攔截式攻擊或解密受影響服務和用戶端之間的通訊。解決方案
All processing and third party entities - including Acquirers, Processors, Gateways and Service Providers must provide a TLS 1.2 or greater service offering by June 2018. All processing and third party entities must cutover to a secure version of TLS (as defined by NIST) effective June 2018.Plugin 詳細資訊
嚴重性: High
ID: 139414
檔案名稱: pci_tls_11_deprecated.nasl
版本: 1.1
類型: remote
已發布: 2020/8/7
已更新: 2020/8/7
支援的感應器: Nessus
風險資訊
CVSS 評分論據: Score from an in depth analysis done by tenable
CVSS v2
風險因素: High
基本分數: 8.5
媒介: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N
CVSS 評分資料來源: manual
CVSS v3
風險因素: High
基本分數: 8.2
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
弱點資訊
必要的 KB 項目: SSL/Supported, Settings/PCI_DSS
排除在外的 KB 項目: Settings/PCI_DSS_local_checks