PayPal PCI Compliance security issues
Hi,
I recently attempted to activate PayPal on one of my accounts, but unfortunately, my application was rejected. I received feedback from PayPal Vulnerabilities Report regarding the rejection, and I wanted to understand their reasons for the decision.
17704 - OpenSSH S/KEY Authentication Account Enumeration
17705 - OPIE w/ OpenSSH Account Enumeration
17744 - OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
33929 - PCI DSS compliance
56208 - PCI DSS Compliance : Insecure Communication Has Been Detected
56209 - PCI DSS Compliance : Remote Access Software Has Been Detected
86328 - SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam)
99359 - OpenSSH < 7.5
106459 - Weak DH Key Exchange Supported (PCI DSS)
154174 - OpenSSH 6.2 < 8.8
159492 - OpenSSH PCI Disputed Vulnerabilities
What can I do?
First check for a false-positive. They should have provided a CVE reference, which you can check in the changelog:

    rpm -qa --changelog openssh-server | grep "$CVE"

If it's not listed in there, your best option is to close your SSH port; otherwise you'll need to manually upgrade. I have instructions on my site on how to do this.
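The changelog check from the reply above, generalized to every CVE id found in a scan report, as an added example that is not part of the original reply. The function names, the sample report and changelog, and the CVE ids are constructed placeholders.

```shell
#!/bin/sh
# Added example: triage scanner CVE references against a package changelog.
# All sample data below is constructed; the CVE ids are placeholders.

# Pull the unique CVE ids out of free-form scan report text on stdin.
extract_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# triage_cves REPORT_FILE CHANGELOG_FILE
# Prints one line per CVE: "<id> backported" or "<id> not-in-changelog".
triage_cves() {
    for cve in $(extract_cves < "$1"); do
        # -F: literal match; -w: whole word, so a short id does not
        # match inside a longer id that merely starts with the same digits.
        if grep -qwF -- "$cve" "$2"; then
            echo "$cve backported"
        else
            echo "$cve not-in-changelog"
        fi
    done
}

# Constructed sample inputs. On a real host the changelog comes from:
#   rpm -q --changelog openssh-server > changelog.txt
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/report.txt" <<'EOF'
Finding A: OpenSSH version flagged (CVE-0000-11111, CVE-0000-22222)
Finding B: OpenSSH version flagged (CVE-0000-11111, CVE-0000-2222)
EOF
    cat > "$tmp/changelog.txt" <<'EOF'
* Mon Jan 01 2001 Packager <packager@example.invalid> - 0.0-1
- Backport fix for CVE-0000-11111
- Backport fix for CVE-0000-22222
EOF
    triage_cves "$tmp/report.txt" "$tmp/changelog.txt"
    rm -rf "$tmp"
}

demo
```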
Hello! I'd recommend opening a ticket with our team so we can provide some specific advice regarding this issue. Although performing a full security audit falls outside of our scope of support, if you create a new ticket and attach your full PCI scan, we can escalate the ticket to our Level 3 analysts as a courtesy so they can get you pointed in the right direction:
I'm following along with that ticket now, and I see you're still waiting to hear back from PayPal.