Magensa incident

Notification: Changes to TLS Versions & Ciphers being implemented.

Notice Resolved View vendor source →

Magensa experienced a notice incident on October 2, 2023 affecting MPPG (All versions) and Decrypt v1 and 1 more component, lasting 10d 7h. The incident has been resolved; the full update timeline is below.

Started
Oct 02, 2023, 03:11 PM UTC
Resolved
Oct 12, 2023, 10:22 PM UTC
Duration
10d 7h
Detected by Pingoru
Oct 02, 2023, 03:11 PM UTC

Affected components

MPPG (All versions)Decrypt v1Decrypt v2Decrypt and Forward (All versions)QwickPAY Mobile/Virtual TerminalRemote Services (RS2, RS3, RMS)www.MagTek.comwww.Magensa.netwww.QwickPAY.com

Update timeline

  1. investigating Oct 02, 2023, 03:11 PM UTC

    Starting 8:00am (PT) on October 2nd, 2023, Magensa will start removing CBC-based ciphers from all our service endpoints. This change is essential to align with current industry best practices and comply with PCI-DSS standards. Connection attempts that do not include a supported cipher will be rejected. Notifications have been sent out recently regarding this change.

  2. monitoring Oct 05, 2023, 05:19 PM UTC

    A fix has been implemented and we are monitoring the results.

  3. monitoring Oct 09, 2023, 02:37 PM UTC

    Starting 8:00am (PT) on October 9th, 2023, Magensa will start removing CBC-based ciphers from mppg.magensa.net and decrypt.magensa.net service endpoints. This change is essential to align with current industry best practices and comply with PCI-DSS standards. Connection attempts that do not include a supported cipher will be rejected.

  4. resolved Oct 12, 2023, 10:22 PM UTC

    This incident has been resolved.