Plex on QNAP

Plex Media Server NAS & Devices
1

Server Version#:1.13.5.291
Player Version#:

Recently i have been working on some Pen Tests and the findings report shows our PLEX server accepting weak cipher suites through port 32400. The PLEX server runs on a QNAP TVS-871U-RP running 4.3.6.0805. I am trying to understand where these settings are controlled, i have made small changes to the apache config files but every time i run the OpenVAS NVT i get that:

‘Vulnerable’ cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

‘Vulnerable’ cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

‘Vulnerable’ cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

Does anybody know exactly where these settings are defined? any help is appreciated

thanks

2

It is strongly recommended you update to a newer formal release version of PMS, particularly PMS 1.15.0 or better.

1.13.5 was alpha & proof-of-concept test for ARMv8 processors.

3

Hi Chuck
How can i update to that version, currently Apps Center is not showing any updates for PMS

Thanks

Perseus

4

You would need a PlexPass to access it right now.
In a few days, PMS 1.15.0.659 will be available to the public (non-paying customers)

5

Thank you !

Perseus

6

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.