Poodle SSLv3 Vulnerability
August 10, 2015
A vulnerability in the SSL 3.0 encryption protocol was disclosed on October 14th, 2014. This vulnerability, named POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with the SSL 3.0 protocol by means of a man-in-the-middle attack.
This vulnerability affects any software that uses SSLv3 encryption: web browsers, web servers, mail servers, etc.
How does it work?
The POODLE vulnerability exists because the SSLv3 protocol does not properly verify the encrypted contents. The attacker can interfere and replace the data. Under certain conditions, the recipient accepts the modified data without any warning.
The attacker can interfere if:
– The attacker can track and monitor the traffic between the sender and the receiver;
– The attacker knows the receiver's/sender's text and makes requests on behalf of the receiver/sender.
Preventing a POODLE attack:
The only way to prevent a POODLE attack is to disable SSLv3 on both the client and the server side and to use the latest version of the TLS (Transport Layer Security) cryptographic protocol.
Here is how to disable SSLv3 support in client browsers.
Firefox >34 has SSL 3.0 disabled. In Firefox <34, the browser should be configured as follows:
about:config → security.tls.version.min=1
or use the extension add-on.
Browsers based on Chromium should be launched with the key
In Internet Explorer, clear the check mark on “SSLv3” in the security settings.
To disable SSLv3 support on a web server, refer to our article on disabling SSLv3.
The POODLE attack is a potential threat to services and clients that still use the SSLv3 protocol.
Check server applications with the help of the online service: http://poodlebleed.com/.
Check your browser for the vulnerabilities here: https://www.poodletest.com/.
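The server check can also be run locally. The following is an added example, not part of the original article: it sends a ClientHello that offers only SSL 3.0 to a server you operate and reports whether the server answers with an SSL 3.0 ServerHello. The function names, result strings and cipher-suite list are assumptions chosen for illustration.

```python
import os
import socket
import struct
import sys

SSLV3 = b"\x03\x00"
# Assumed suite list: AES/3DES-CBC and RC4 with RSA key exchange, typical of SSLv3-era servers.
SUITES = (0x002F, 0x0035, 0x000A, 0x0005, 0x0004)

def build_client_hello():
    """Minimal ClientHello that offers SSL 3.0 only (SSLv3 has no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (SSLV3 + os.urandom(32)                   # client_version, random
            + b"\x00"                                # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first bytes a server sends back after the SSLv3-only hello."""
    if len(data) < 5:
        return "rejected"                            # closed without answering
    if data[0] == 0x15:
        return "rejected"                            # alert record (e.g. handshake_failure)
    # Handshake record: 5-byte record header, 4-byte handshake header, then server_version.
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        return "sslv3-accepted" if data[9:11] == SSLV3 else "unexpected"
    return "unexpected"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you operate and report whether it still speaks SSLv3."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    data = b""
    with sock:
        try:
            sock.sendall(build_client_hello())
            # Read just enough to see the ServerHello version, or stop at end of stream.
            while len(data) < 11 and (chunk := sock.recv(4096)):
                data += chunk
        except OSError:
            return "rejected"                        # reset or timeout instead of a ServerHello
    return classify_reply(data)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of `sslv3-accepted` means SSLv3 is still enabled on that port; `rejected` is the expected result once SSLv3 has been disabled.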