poodle-ssl3-vulnerability

Recommendations for POODLE: SSLv3.0 vulnerability (CVE-2014-3566)

RedyHost security team has been made aware of a vulnerability in the SSLv3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSLv3.0 are affected. What Is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory. Netscape originally developed Secure Sockets Layer (SSL) to be a means of protecting data as it was sent across a network. Version 1 was never released, and when SSLv2 came out in 1995, there were a number of flaws that made […]

Continue reading