  • #1249195

    Guys,..

    I have a site (MacFarlane.org) that is failing PCI scans. The error is related to the fontello font. Here’s an example:
    Possible direct URL access to protected page: /wpcontent/themes/enfold/configtemplatebuilder/avia-templatebuilder/assets/fonts/entypofontello.eot

    Some applications attempt to protect pages by hiding links to the page from unauthorized users. This form of protection doesn’t adequately protect the page if access to the page is still possible by requesting the URL directly. This may allow an unauthorized user who knows or guesses the URL to take any actions that an authorized user could take, such as adding new accounts or changing passwords.

    Any ideas what is going on here? Or how to fix it?

    #1249965

    Hey Diana,

    Thank you for the inquiry.

    We are not really sure why this warning occurs, but it looks like a false positive because the font file (.eot) is actually accessible or available in the front end, it is not a protected page or file.

    Which PCI compliance scan tool are you using?

    Best regards,
    Ismael

    #1251243
    #1252146

    Hi,

    Looks like it is a paid scanner. Have you tried asking the tool developers how to fix that particular warning?

    Best regards,
    Ismael
