Tagged: error, fontello, vulnerability
Guys,
I have a site (MacFarlane.org) that is failing PCI scans. The error is related to the fontello font. Here’s an example:
Possible direct URL access to protected page: /wp-content/themes/enfold/config-templatebuilder/avia-templatebuilder/assets/fonts/entypo-fontello.eot
Some applications attempt to protect pages by hiding links to the page from unauthorized users. This form of protection doesn’t adequately protect the page if access to the page is still possible by requesting the URL directly. This may allow an unauthorized user who knows or guesses the URL to take any actions that an authorized user could take, such as adding new accounts or changing passwords.
Any ideas what is going on here? Or how to fix it?
Hey Diana,
Thank you for the inquiry.
We are not really sure why this warning occurs, but it looks like a false positive because the font file (.eot) is actually accessible or available in the front end; it is not a protected page or file.
Which PCI compliance scan tool are you using?
Best regards,
Ismael
Control Scan
https://www.controlscan.com/