Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Plugins: Payment, Shipment and others => Topic started by: mronayne on April 19, 2016, 20:11:33 PM

Title: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: mronayne on April 19, 2016, 20:11:33 PM
I've been receiving notices from Authorize.net about upcoming changes to their APIs and security cipher.
I am running version 3.0.6.4 of the Authorize.net AIM plugin now - does it meet the most current requirements of Authorize.net?

Here is the part about the RC4 Cipher:

RC4 Cipher Disablement
In an effort to ensure that all server-to-server communications with the Authorize.Net platform (both transactional and otherwise) maintain the highest levels of security, we will be disabling the RC4 cipher suite in the sandbox on April 29, 2016, and in the production environment on May 31, 2016.

If you have a solution that relies on RC4 to communicate with our servers, please update it to a current, high-security cipher as soon as possible. Please review our API best practices blog post for more information.

This is important to know...
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: sohopros on April 19, 2016, 21:08:38 PM
We got the same notice and are wondering about this as well.  Anyone?
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: neo314 on April 21, 2016, 19:37:30 PM
I have the same question for version 2.0.12f using the full domain url for connection.
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: GJC Web Design on April 21, 2016, 20:04:50 PM
Quote2.0.12f

vm2.0.12f ?????

if so wouldn't worry.. you'll be hacked long before the requirement..  ;)
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: neo314 on April 21, 2016, 22:10:54 PM
Quote from: GJC Web Design on April 21, 2016, 20:04:50 PM
Quote2.0.12f

vm2.0.12f ?????

if so wouldn't worry.. you'll be hacked long before the requirement..  ;)

Thanks, that is really helpful.

For what it is worth, the site runs 2.0.22a but the plugin reports 2.0.12f, and the client has to want to upgrade. Nothing comes for free.
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: Studio 42 on May 01, 2016, 18:20:54 PM
Hi Neo,
GJC Web Design want to inform you, that in all case your shop is obsolete and if some changes are done in the code, this is certainly not vm 2.0.12 compatible(or you are lucky).
This was a little Joke, but a more standard answer is.
"Please update to VM 3.0.14 and Joomla 3.5, you release is not maintained anymore since End 2015 and have vulnerabilities"
Title: Re: Does the Authorize.net AIM plugin meet 2016 AN Requirements?
Post by: GJC Web Design on May 01, 2016, 22:01:38 PM
QuoteNothing comes for free.

I am commissioned to fix at least 1-2 hacked  sites a week..  believe me.. it costs much more in time and downtime and lost sales than an upgrade to the latest stable/secure...
Even in your case to bring it to the last J2.5 with patch and VM2.6.22 would IMHO be enough...

But leaving it on 2.0.x is just ... well.. u know my opinion
Text only | Text with Images