PCI-DSS 4.0 4.2.1
Strong cryptography and security protocols
UnveilScan findings mapped to this control
The scanner emits 20 distinct findings on this control.
dns.dnssec_weak_algo
⏱ 2h
DNS — DNSSEC weak algo
Risk if ignored: Signatures produced with RSASHA1/RSAMD5 can be forged with feasible compute — DNSSEC protection is effectively void.
security
Also maps to 2 other controls
email.mx_no_starttls
⏱ 1h
EMAIL — MX no STARTTLS
Risk if ignored: Every message travels unencrypted to your MX, so passive sniffing and SMTP MITM are trivial.
security legal
Also maps to 2 other controls
tls.cert_expired
⏱ 30 min
TLS — Cert expired
Risk if ignored: Every visitor sees a browser error page. Traffic, trust and SEO collapse until the certificate is renewed.
operational reputational
tls.cert_self_signed
⏱ 15 min
TLS — Cert self signed
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
tls.ticket_key_not_rotated
⏱ 1h
TLS — Ticket key not rotated
Risk if ignored: A single ticket-key exfiltration lets the attacker decrypt every past session encrypted under it (forward-secrecy loss).
security
Also maps to 1 other control
tls.weak_cipher_suite
⏱ 15 min
TLS — Weak cipher suite
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
tls.weak_signature_alg
⏱ 15 min
TLS — Weak signature alg
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.cert_file_public_backup_server_pfx
⏱ 15 min
WEB — Cert file public backup server pfx
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_cert_key
⏱ 15 min
WEB — Cert file public cert key
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_key_pem
⏱ 15 min
WEB — Cert file public key pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_keystore_jks
⏱ 15 min
WEB — Cert file public keystore jks
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_keystore_p12
⏱ 15 min
WEB — Cert file public keystore p12
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_pki_private_key_pem
⏱ 15 min
WEB — Cert file public pki private key pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_private_key
⏱ 15 min
WEB — Cert file public private key
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_private_pem
⏱ 15 min
WEB — Cert file public private pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_privkey_pem
⏱ 4h
WEB — Cert file public privkey pem
Risk if ignored: Your TLS private key is downloadable, so every past and future session encrypted under the matching cert is exposed. Rotate and revoke the cert immediately.
security legal
Also maps to 1 other control
web.cert_file_public_server_key
⏱ 15 min
WEB — Cert file public server key
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_server_pem
⏱ 15 min
WEB — Cert file public server pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.cert_file_public_ssl_server_pem
⏱ 15 min
WEB — Cert file public ssl server pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_tls_key
⏱ 15 min
WEB — Cert file public tls key
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational