17.3 Encryption Transmission – Requirement 4

Select Reports > Portal > Repository > Standard Content > PCI > PCI Reports > Requirement 4:Encryption Transmission.

Requirement 4 focuses on managing and maintaining the security of cardholder data when it is transmitted over open or public networks. Malicious users can exploit vulnerabilities in cryptographic hashes and keys, as well as in SSL and TLS. For example, the Heartbleed Bug is a known SSL vulnerability.

Use the following reports to check for vulnerabilities associated with transmitting encrypted data.

Cryptographic Hash Algorithm Related Vulnerabilities

Reports events by host name that indicate potential vulnerabilities related to hash algorithms. All cryptographic hashes that directly use the full output of a Merkle–Damgård construction are vulnerable to length extension attacks. The table provides results by name of the event, host and IP address, and number of events.

Cryptographic Public Key Related Vulnerability Detected

Reports flaws found in cryptographic public keys on hosts, as reported by vulnerability scanners in your environment. The table provides results by name of the event, host and IP address, and number of events.

SSL or TLS Vulnerabilities

Reports all SSL and TLS vulnerabilities detected by host name. The table provides results by name of the event, host and IP address, and number of events.

TLS BREACH Vulnerabilities

Reports TLS BREACH vulnerabilities detected by host name. A TLS BREACH attack is a form of the CRIME attack against HTTP compression. The table provides results by name of the event, host and IP address, and number of events.

TLS CRIME Vulnerabilities

Reports the hosts detected as vulnerable to a TLS CRIME attack. In a CRIME attack, malicious users access the content of secret authentication cookies so that they can hijack an authenticated web session and then launch additional attacks. The table provides results by name of the event, host and IP address, and number of events.

Wireless Encryption Violations

Reports the hosts that have wireless encryption violations, as detected by vulnerability scanners. The table provides results by name of the event, host and IP address, and number of events.