The POODLE attack

Impact: Medium

Description

The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) exploits the SSL 3.0 fallback mechanisms in internet and security software clients. By forcing a connection to use SSL 3.0 and exploiting its weak encryption, attackers can intercept and decrypt sensitive information. This attack poses a significant risk to confidentiality and integrity.

Recommendation

Disable SSL 3.0 support on servers and clients to prevent exploitation. Use modern TLS protocols and configure servers to prioritize their use over SSL 3.0. Regularly update and patch software to mitigate known vulnerabilities.
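
One way to audit the server side of this recommendation, as an added example (not SmartScanner's code): a Python check that scans Apache `SSLProtocol` and nginx `ssl_protocols` directives for settings that leave SSL 3.0 enabled. The sample configuration is constructed, and Apache's `all` is assumed to include SSLv3, which is the conservative reading.

```python
import re

# Assumption (conservative): Apache's "all" includes SSLv3 unless OpenSSL was built with no-ssl3.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def apache_enabled(args):
    """Resolve an Apache SSLProtocol argument list to the set of enabled protocols."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = APACHE_ALL if name.lower() == "all" else {name.lower()}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:  # a bare token replaces whatever was set before it
            enabled = set(group)
    return enabled

# Matches uncommented directives only; arguments stop at ';' (nginx) or '#' (comment).
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^#;]+)", re.I)

def find_sslv3(config_text):
    """Return (line_number, directive) for every directive that leaves SSLv3 on."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        args = m.group(2).split()
        is_apache = m.group(1).lower() == "sslprotocol"
        # nginx lists the enabled protocols directly, with no +/- arithmetic
        enabled = apache_enabled(args) if is_apache else {a.lower() for a in args}
        if "sslv3" in enabled:
            findings.append((n, line.strip()))
    return findings

# Constructed sample configuration lines (not taken from any real server).
SAMPLE = """\
SSLProtocol all
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
# SSLProtocol SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol +TLSv1.2 SSLv3
"""

if __name__ == "__main__":
    for lineno, text in find_sslv3(SAMPLE):
        print(f"line {lineno}: SSLv3 still enabled -> {text}")
```

The last sample line shows a case that is easy to miss: a bare `SSLv3` token after `+TLSv1.2` replaces the set rather than adding to it.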

Last updated on May 13, 2024
