Payment Card Industry Data Security Standard (PCI DSS) is a proprietary security standard that some banks require before they allow a company to process and store credit card and payment data.
Third-party security companies can verify compliance with PCI DSS. Usually, they run the Nessus scanner and report any potential vulnerabilities or security issues.
The administrator can configure Kerio Connect to use supported cipher suites to ensure PCI DSS compliance. For more information, please refer to Configuring SSL/TLS Variables in Kerio Connect.
Kerio Connect and PCI
Note: always upgrade to the latest version of Kerio Connect for the best security!
The list of known vulnerabilities
Clickjacking vulnerability in Kerio Connect 8 and 9 (CVE-2017-7440)
Kerio Connect Not Impacted by Exim Vulnerability (CVE-2019-10149)
How to test SSL vulnerabilities
To test for SSL vulnerabilities, use an online test, for example, the SSL Labs website, or the Nmap tool.
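One way to triage the results of an Nmap cipher scan, as an added example that is not part of the Kerio documentation: the script below parses output in the format produced by Nmap's `ssl-enum-ciphers` script and lists the protocols and cipher suites that fall below a chosen threshold. The sample output, the host name `mail.example.com`, and the default thresholds (TLS 1.2 minimum, grade A) are assumptions for illustration; use the limits your assessor requires.

```python
import re

# Constructed sample in the format printed by
#   nmap --script ssl-enum-ciphers -p 443,993 mail.example.com
# (host name and results are made up for illustration).
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
993/tcp open  imaps
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
"""

ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+(SSLv3|TLSv1\.[0-3]):")
CIPHER_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\S+)\s.*-\s([A-F])\s*$")

def audit(text, min_proto="TLSv1.2", min_grade="A"):
    """Return (port, protocol, reason) for each item below the thresholds."""
    findings, port, proto = [], None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None   # new port section
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
            if ORDER.index(proto) < ORDER.index(min_proto):
                findings.append((port, proto, "protocol enabled"))
        elif (m := CIPHER_RE.match(line)) and proto:
            name, grade = m.groups()
            if grade > min_grade:                 # "C" > "A": weaker grade
                findings.append((port, proto, f"{name} graded {grade}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

To check a live server, save the scan output to a file and pass its contents to `audit()` in place of `SAMPLE`.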