POODLE: SSLv3.0 vulnerability (CVE-2014-3566)

No dog here!

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory.
POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3. It does not affect the newer encryption mechansim known as Transport Socket Layer (TLS)

Microsoft’s products were not affected by HeartBleed but this time, even if the criticity is far less, Microsoft’s products are in the scope.
This vulnerability (CVE-2014-3566) allows the plaintext of secure connections to be calculated by a network attacker. This issue has been discovered by Bodo Möller (Google Security Team) in collaboration with Thai Duong and Krzysztof Kotowicz.

> https://technet.microsoft.com/en-us/library/security/3009008.aspx
> http://googleonlinesecurity.blogspot.be/2014/10/this-poodle-bites-exploiting-ssl-30.html

Leave a Reply

Scroll to Top