From the Blog

Fixing Weak Cipher Suites

Nessus Summary Nessus ID: 26928 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer weak encryption.Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix This vulnerability is cased by a weak strength cipher being present in

Read More »

Fixing SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Nessus Summary Nessus ID: 65821 CVSS v3.0 Base Score: 2.6 Nessus Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its

Read More »

Fixing SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Nessus Summary Nessus ID: 69551 CVSS v3.0 Base Score: 1.4 Nessus Description At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048

Read More »

contact form 7 vulnerability

Contact Form 7 Vulnerability was published by our penetration tester, Hannah Sharp, in February of 2014. The Rock Lobster Contact Form 7 WordPress plugin, prior to version 3.7.2, could allow remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter. The Contact Form 7 vulnerability was discovered

Read More »
Scroll to Top