fbpx

Time to Say Goodbye to SSL Version 3.0

Introduction

On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.

The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3. Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.

To find out more information about the vulnerability, consult the CVE information found at CVE-2014-3566.

What is the POODLE Vulnerability?

The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.

Who is Affected by this Vulnerability?

This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.

Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.

Related Post
Post has 5 comments
  • Amado Posted March 18, 2019 in 7:19 am Reply

    Hi there! Such a great write-up, thanks!

  • luistamayo01 Posted March 18, 2019 in 9:47 am Reply

    Thanks Amado, we hope you found it helpful!

  • cloud hosting Posted May 12, 2019 in 10:44 am Reply

    Hello i am kavin, its my first time to commenting anyplace,
    when i read this article i thought i could also make comment due to this sensible
    post.

  • http://canadianorderpharmacy.com/ Posted June 3, 2019 in 4:53 pm Reply

    I’m extremely impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you customize it yourself? Anyway keep up the nice quality writing, it’s rare to see a great blog like this one today.

  • Vernita Posted July 16, 2019 in 4:36 pm Reply

    Your mode of describing all in this post is genuinely nice, every one be able to simply
    be aware of it, Thanks a lot.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 1 =