Topic: This website could be more secure ... Avast alerts site potentially untrustworthy

polonus

See: -https://www.nfinit.com/    
Unable to scan your site. Missing intermediate certificate
Server certificate is issued for different domain(s) and does NOT cover nfinit.com!
Secure Renegotiation is NOT supported.
Forward Secrecy is NOT supported.
Server certificate does NOT cover both domains with and without www.
See http://ssl-checker.online-domain-tools.com/ (perma-link will expire)
Subject-name = *.threatstop.com Issuer: Go Daddy Secure Certificate Authority - G2
(Trusted by Apple, Java, Microsoft, Mozilla)
Sent by server
In trust store
Go Daddy Class 2 Certification Authority (self-signed)
2796bae63f1801e277261ba0d77770028f20eee4
RSA 2048 bits / SHA1withRSA

Retirable jQuery library:
Quote
Retire.js
jquery   1.12.4   Found in https://www.nfinit.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Website developed using PHP and the WordPress CMS, whose CMS version is outdated - WordPress Version 5.4.
Version does not appear to be latest (5.4.1). Should be updated now:
https://en-au.wordpress.org/download/releases/

Avast says this site may be untrustworthy.

Outdated WordPress plug-in found: wordpress-seo 13.5   Warning   latest release (14.2)
https://yoa.st/1uj

Also consider: https://www.shodan.io/host/204.68.99.217  &  https://sitereport.netcraft.com/?url=https://www.nfinit.com
Netcraft Website Risk = 1 red out of 10: Excessive server info proliferation: Apache/2.4.29 Ubuntu
Ubuntu with more and more vulnerabilities lately, equalling some proprietary code distros,
example: https://www.zdnet.com/article/linux-mint-dumps-ubuntu-snap/

See: -http://216.105.35.227/  insecure site. https://www.shodan.io/host/216.105.35.227 see all the vulners there.

Has Bombora Advertising Tracking - Tracking B2B Intent beyond COVID-19. With COVID-19 driving huge macro-economic shifts and a 'new normal', the use of online content to educate and inform

Lucky Orange Tracking - Privacy Impact Score Grade: E Security -3
https://webcookies.org/cookies/www.nfinit.com/30591702?182870

Improvement Recommendations found through linting 460:
https://webhint.io/scanner/03161ea2-a05f-4064-aa3b-4459381d9b9c

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!