Support #5168
[SCP ID :##2560##] : Pentest 2014 - POODLE attacks.
| Status: | Closed - End of life cycle | Start date: | January 29, 2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | Information Site | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Please advise on the pentest issue raised by the IT Security team regarding the POODLE attack. Please refer to the email sent by me to Penril support and KFH Support regarding this issue: Fw: VAPT Findings for Year 2014 (Internet Banking Segment) External Assessment
History
#1 Updated by Zahir Abd Latif over 9 years ago
Refer to the email from Surianie: Fw: VAPT Findings for Year 2014 (Internet Banking Segment) External Assessment
In our recent findings for the External VAPT, our Internet Banking site is vulnerable to POODLE attacks (you may refer to the attachment). Our decision is to disable this protocol. We would like to inform you and require your attention on whether we can proceed to disable it or not. We will give you two scenarios and the categories impacted by each decision:
1. If SSL3 is disabled:
2. If it remains:
Below are the screenshots of which protocol it uses:
Firefox
Internet Explorer
Bear in mind that the browser will choose the best protocol and cipher strength. In this case it is TLS RSA and TLS RC4. Still, the option to use SSL is there. We look forward to your concerns and answers.
#2 Updated by Yap Kah Yan over 9 years ago
- Assignee changed from Yap Kah Yan to William Gozali Tan
Hi William,
Please look into this issue.
Thank you.
#3 Updated by Tan Lee Yong over 9 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
- % Done changed from 0 to 100
Please provide the answer below to the customer:
We advise you to do a BAU test on the UAT environment before implementing the new setting in production.
This implementation will have an impact on some older browsers, resulting in an SSL connection error. The biggest impact is on Internet Explorer 6 running on Windows XP or older.
Therefore, we advise the bank to inform users to use the latest and supported browsers for security reasons.
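Added example, not part of the ticket or the vendor's reply: one way to size the impact described in update #3 before disabling SSL 3.0 is to tally, per client, which protocol versions appear in the TLS terminator's connection log. The key=value log layout, the field names and the sample lines are constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample; the key=value layout and field names are assumptions,
# not the log format of any particular server or load balancer.
SAMPLE_LOG = '''\
2015-01-29T09:00:01 client=10.0.0.11 proto=TLSv1 cipher=RC4-SHA ua="Firefox/35.0"
2015-01-29T09:00:05 client=10.0.0.12 proto=SSLv3 cipher=RC4-SHA ua="MSIE 6.0; Windows NT 5.1"
2015-01-29T09:01:10 client=10.0.0.13 proto=TLSv1 cipher=AES128-SHA ua="MSIE 8.0; Windows NT 6.1"
2015-01-29T09:01:12 client=10.0.0.13 proto=SSLv3 cipher=RC4-SHA ua="MSIE 8.0; Windows NT 6.1"
2015-01-29T09:02:00 client=10.0.0.14 proto=TLSv1.2 cipher=AES256-SHA ua="Chrome/40.0"
2015-01-29T09:02:30 truncated line with "unbalanced quote
'''

def parse_line(line):
    """Return the key=value fields of one log line, or {} if it is malformed."""
    try:
        tokens = shlex.split(line)[1:]          # drop the leading timestamp
    except ValueError:                          # e.g. unbalanced quotes
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def ssl3_impact(log_text):
    """Classify clients by the protocol versions they were seen negotiating."""
    protos, agents = defaultdict(set), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "client" not in rec or "proto" not in rec:
            continue
        protos[rec["client"]].add(rec["proto"])
        agents[rec["client"]] = rec.get("ua", "")
    # Only ever SSLv3: these clients get a connection error once SSLv3 is off.
    ssl3_only = sorted(c for c, p in protos.items() if p == {"SSLv3"})
    # SSLv3 plus a TLS version: TLS-capable, so they keep working; the SSLv3
    # sessions are fallbacks (the behaviour POODLE relies on) worth reviewing.
    fell_back = sorted(c for c, p in protos.items() if "SSLv3" in p and len(p) > 1)
    return {"clients": len(protos),
            "ssl3_only": {c: agents[c] for c in ssl3_only},
            "fell_back": fell_back}

if __name__ == "__main__":
    print(ssl3_impact(SAMPLE_LOG))
```

Run over UAT and production logs for a representative period, the `ssl3_only` list is the set of users the bank would need to notify before the change.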
#4 Updated by Tan Lee Yong over 9 years ago
- Status changed from Development / Work In Progress to Pending Customer Feedback
#5 Updated by Zahir Abd Latif over 9 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- Assignee changed from William Gozali Tan to Zahir Abd Latif
Refer to email: Re: [Request ID :##2560##] : Pentest 2014 - POODLE attacks
Case closed.