realraum.at Website security check

realraum / noc

No Online Connection

Apache License 2.0

4 stars 0 forks source link

realraum.at Website security check #70

Open btittelbach opened 4 years ago

btittelbach commented 4 years ago

Im CCC gibt es grad den Aufruf die Chaostreff Webseiten mal auf Security zu checken. Der c3w hat eine Test-Liste für die AT-Spaces erstellt: https://privacyscore.org/list/425/?categories=privacy%2Cssl%2Csecurity%2Cmx

realraum im Konkreten: https://privacyscore.org/site/164307/

Issues im Konkreten:

referer policy no-referrer not set
realraum.at vulnerable to CVE-2009-3555
realraum.at may be vulnerable to CVE-2013-0169, CVE-2011-3389, CVE-2013-3587

stefan2904 commented 4 years ago

current WP version: 5.4.1 (29. April 2020)
we use: 5.0.4 (March 13, 2019)
- vulnerable to e.g. https://wpvulndb.com/vulnerabilities/9867 (fixed in 5.0.6)

the amr-ical-events-list is apparently not so nice, but appears OK ("The following plugins were detected by reading the HTML source of the WordPress sites front page").

stefan2904 commented 4 years ago

ad TLS: https://www.ssllabs.com/ssltest/analyze.html?d=wp.realraum.at&s=89.106.211.56&latest

maybe use https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.4