The POODLE attack
Impact: Medium
Description
The POODLE attack (“Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit that takes advantage of the fallback to SSL 3.0 in Internet and security software clients. An attacker who successfully exploits this vulnerability needs, on average, only 256 SSL 3.0 requests to reveal one byte of an encrypted message. (Source: Wikipedia)
Recommendation
Disable SSL 3.0.
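To confirm the recommendation has been applied, the following added example (not part of the original page) scans web server configuration text for protocol directives that still leave SSL 3.0 enabled. It assumes the nginx `ssl_protocols` and Apache mod_ssl `SSLProtocol` directives, neither of which the page names, and conservatively treats Apache's `all` keyword as including SSLv3; the sample configuration lines are constructed.

```python
import re

# Assumed directives: nginx "ssl_protocols" and Apache mod_ssl "SSLProtocol".
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)

def sslv3_enabled(directive, tokens):
    """Return True if the protocol list leaves SSL 3.0 enabled."""
    if directive.lower() == "ssl_protocols":
        # nginx: a plain list of the protocols to enable.
        return "sslv3" in (t.lower() for t in tokens)
    # Apache: tokens apply left to right; "+" adds, "-" removes,
    # and a bare name replaces whatever was set before it.
    enabled = False
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        # Assumption: "all" is read as including SSLv3 (conservative).
        covers = tok.lstrip("+-").lower() in ("sslv3", "all")
        if sign == "-":
            enabled = enabled and not covers
        elif sign == "+":
            enabled = enabled or covers
        else:
            enabled = covers
    return enabled

def audit(config_text):
    """Return (line_number, line) for each directive that keeps SSL 3.0 on."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out directives do not match
        if m and sslv3_enabled(m.group(1), m.group(2).split()):
            findings.append((n, line.strip()))
    return findings

# Constructed sample configuration lines, not taken from any real server.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol all -TLSv1
SSLProtocol -all +TLSv1.2 +SSLv3
# ssl_protocols SSLv3;
"""

if __name__ == "__main__":
    for n, line in audit(SAMPLE):
        print(f"line {n}: SSL 3.0 still enabled -> {line}")
```

A clean result only covers the directives the script sees; included files and per-virtual-host overrides need to be audited as well.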
References
- Wikipedia: POODLE
- Wikipedia: Man-in-the-middle attack
- CWE-327
- OWASP 2017-A3
- OWASP 2021-A2
- CVE-2014-3566
- OWASP 2017-A9
- OWASP 2021-A6
Last updated on April 04, 2021