PCI DSS Compliance : Insecure Communication Has Been Detected

medium Nessus Plugin ID 56208

Synopsis

An insecure port, protocol, or service has been detected.

Description

Applications that fail to adequately encrypt network traffic using strong cryptography are at increased risk of being compromised and exposing cardholder data. An attacker who is able to exploit weak cryptographic processes can gain control of an application or even gain cleartext access to encrypted data.

Solution

Properly encrypt all authenticated and sensitive communications.

Plugin Details

Severity: Medium

ID: 56208

File Name: pci_cleartext_credentials.nasl

Version: 1.9

Type: remote

Published: 9/15/2011

Updated: 4/22/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/PCI_DSS

Excluded KB Items: Settings/PCI_DSS_local_checks