Description
The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) is a vulnerability that exploits SSL 3.0 fallback mechanisms in internet and security software clients. Attackers can intercept and decrypt sensitive information by forcing the use of SSL 3.0 and exploiting its weak encryption. This attack poses a significant risk to confidentiality and integrity.
Recommendation
Disable SSL 3.0 support on servers and clients to prevent exploitation. Use modern TLS protocols and configure servers to prioritize their use over SSL 3.0. Regularly update and patch software to mitigate known vulnerabilities.
References
- Wikipedia: POODLE
- Wikipedia: Man-in-the-middle attack
- CVE-2014-3566
- CWE-16
- CWE-327
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A5
- OWASP 2021-A6