Hi,
This is an old issue, and it bothers me since the cost of credit card processing is very high due to non-compliance with PCI. A security check was performed by SecurityMetrics (www.securitymetrics.com). One major issue is the following:
Synopsis: The remote web server might transmit credentials in cleartext.
Description: The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.
Solution: Make sure that every sensitive form transmits content over HTTPS.
Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Other references: CWE:522, CWE:523, CWE:718, CWE:724
Does anyone know how to fix it? I am using CS1.35, host is HostMonster.
Thanks in advance.
Yong
Your problem is two-fold.
One, you are using CS-Cart 1.3.5x which hasn't kept up in terms of PCI compliance. If I recall correctly, PCI compliance became an issue for the 2.0.x version and from that point was actively developed against by CS-Cart.
Two, you are using HostMonster which won't leave you with enough resources to run a software firewall and appropriate security enhancements which in most cases can 'push' sites through the PCI scanning measures. Example: encrypted cookies.
Thanks, if I upgrade to CS-Cart 2.xx, will the problem go away?
You are still hosted with HostMonster; you'll require their assistance in plugging all security holes and more than likely pay them a tidy sum to do this for you.
Short answer: no.