SSLv3 Poodle Vulnerability (CVE-2014-3566): Description and High-Level Mechanics
A remarkable flaw was found in version 3 of the SSL protocol. The vulnerability, known as Poodle (Padding Oracle On Downgraded Legacy Encryption), allows attackers to decrypt data that you may have thought was being transmitted over a secure HTTPS / SSL connection. As a result, attackers can use this flaw to compromise your online accounts (e.g., by stealing authentication cookies) via a man-in-the-middle attack. The flaw exploits a shortcoming in how padding is handled when SSLv3 uses Cipher Block Chaining (CBC) mode. The vulnerability was assigned the Common Vulnerabilities and Exposures identifier CVE-2014-3566 and was discovered by Bodo Möller, Thai Duong, and Krzysztof Kotowicz. In this SOCTalk Video, Elastica walks through the mechanics of the Poodle vulnerability and explains its implications.
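The padding shortcoming mentioned above, shown as an added example (not taken from the original post or the Elastica video): SSLv3 leaves the content of CBC padding bytes unspecified and outside the MAC, whereas TLS requires every padding byte to equal the padding length. The key, sample payload, function names, 8-byte block size and the use of HMAC-SHA1 as a stand-in for the SSLv3 record MAC are assumptions for illustration.

```python
import hashlib
import hmac

BLOCK = 8        # block size of a 64-bit CBC cipher (assumed for the demo)
MAC_LEN = 20     # length of a SHA-1 based record MAC
KEY = b"constructed-demo-mac-key"   # constructed sample key

def mac(data):
    # HMAC-SHA1 stands in for the SSLv3 record MAC (assumption)
    return hmac.new(KEY, data, hashlib.sha1).digest()

def build_record(data, filler=None):
    """Pre-encryption layout: data || MAC || padding || padding_length."""
    pad_len = (BLOCK - (len(data) + MAC_LEN + 1) % BLOCK) % BLOCK
    fill = pad_len if filler is None else filler
    return data + mac(data) + bytes([fill]) * pad_len + bytes([pad_len])

def strip_sslv3(record):
    """SSLv3-style: only the final length byte is inspected."""
    pad_len = record[-1]
    if pad_len >= BLOCK or pad_len + 1 + MAC_LEN > len(record):
        return None
    return record[:-(pad_len + 1)]

def strip_tls(record):
    """TLS-style: every padding byte must equal the padding length."""
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record):
        return None
    if record[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return None
    return record[:-(pad_len + 1)]

def accepts(strip, record):
    """True if padding is accepted and the MAC over the data verifies."""
    body = strip(record)
    if body is None:
        return False
    return hmac.compare_digest(body[-MAC_LEN:], mac(body[:-MAC_LEN]))

def demo():
    data = b"Cookie: sid=constructed"            # constructed sample payload
    good = build_record(data)                    # padding bytes == pad_len
    odd = build_record(data, filler=0xAA)        # arbitrary padding content
    return {name: (accepts(strip_sslv3, r), accepts(strip_tls, r))
            for name, r in (("good", good), ("odd", odd))}

if __name__ == "__main__":
    print(demo())
```

The SSLv3-style receiver accepts both records because nothing ties the padding bytes to the sender, while the TLS-style check rejects the record with arbitrary padding before the MAC is even evaluated.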