Poodle SSLv3 Vulnerability

A vulnerability in the SSL 3.0 encryption protocol was disclosed on October 14th, 2014. This vulnerability, named POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with the SSL 3.0 protocol by means of a man-in-the-middle attack.

This affects any software in which this encryption is used: web browsers, web servers, mail servers, etc.

How does it work?

POODLE is possible because the protocol does not properly verify the encrypted contents. The attacker can interfere and replace the data. Under certain conditions, the recipient accepts the modified data without any warning.

The attacker can interfere if:

– The attacker can track and monitor the traffic between the sender and the receiver;

– The attacker knows the receiver's/sender's text and makes requests on behalf of the receiver/sender.
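
The verification gap described above, shown as an added example (not code from the original article): after CBC decryption a record is laid out as data, MAC, padding and a padding-length byte, and SSL 3.0 checks only the length byte while TLS checks every padding byte. The cipher step is omitted, HMAC-SHA1 stands in for the SSL 3.0 MAC, and the key, block size and request text are constructed for the demo.

```python
import hashlib
import hmac

BLOCK = 8      # CBC block size assumed for the demo (8 for 3DES, 16 for AES)
MAC_LEN = 20   # SHA-1 sized MAC

def mac(key, data):
    # Stand-in MAC (assumption): real SSL 3.0 uses its own keyed-hash
    # construction and also covers sequence number, type and length.
    return hmac.new(key, data, hashlib.sha1).digest()

def build_plaintext(key, data):
    """Lay out data || MAC || padding || padding_length before CBC encryption."""
    body = data + mac(key, data)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

def strip_padding_ssl3(pt):
    """SSL 3.0 rule: only the final length byte is checked."""
    pad_len = pt[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(pt):
        return None
    return pt[:-(pad_len + 1)]

def strip_padding_tls(pt):
    """TLS rule: every padding byte must equal the padding length."""
    pad_len = pt[-1]
    if pad_len + 1 > len(pt) or any(b != pad_len for b in pt[-(pad_len + 1):]):
        return None
    return pt[:-(pad_len + 1)]

def receive(key, pt, strip):
    """Return the application data, or None if the record is rejected."""
    body = strip(pt)
    if body is None or len(body) < MAC_LEN:
        return None
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return data if hmac.compare_digest(tag, mac(key, data)) else None

def garble_padding(pt):
    """Receiver's view of a record whose padding bytes changed in transit
    while the length byte still decodes to the right value."""
    pad_len = pt[-1]
    return pt[:-(pad_len + 1)] + b"\xaa" * pad_len + pt[-1:]

if __name__ == "__main__":
    key, data = b"constructed-demo-key", b"GET / HTTP/1.1"  # constructed sample
    bad = garble_padding(build_plaintext(key, data))
    print("SSL 3.0 accepts modified record:", receive(key, bad, strip_padding_ssl3) == data)
    print("TLS accepts modified record:", receive(key, bad, strip_padding_tls) == data)
```

The MAC still verifies under the SSL 3.0 rule because the padding bytes are not covered by it, which is why the modified record raises no warning.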

Preventing a POODLE attack:

The only approach to POODLE attack prevention is to disable SSLv3 on the client and server sides and to use the latest version of the TLS (Transport Layer Security) cryptographic protocol.

How to disable SSLv3?

Here is how to disable SSLv3 support in client browsers.

Firefox >34 has SSL 3.0 disabled. In Firefox <34, the browser should be configured as follows:

about:config → security.tls.version.min=1

or use the add-on extension.

Chromium-based browsers should be launched with the switch

--ssl-version-min=tls1

In Internet Explorer, uncheck "SSLv3" in the security settings.

To disable SSLv3 support on a web server, refer to our article on disabling SSLv3, linked below.

How To Protect Server from POODLE SSLv3 Vulnerability?

The POODLE attack is a potential threat to services and clients that still use the SSLv3 protocol.

Check server applications with the help of this online service: http://poodlebleed.com/.

Check your browser for the vulnerability here: https://www.poodletest.com/.

About Sachin Gupta

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009. Linux rocks!
