
SSLv3 Poodle Vulnerability (CVE-2014-3566): Description and High-Level Mechanics


A remarkable flaw was found in version 3 of the SSL protocol. The vulnerability, known as Poodle (Padding Oracle On Downgraded Legacy Encryption), allows attackers to decrypt data that you may have thought was being transmitted over a secure HTTPS / SSL connection. As a result, attackers can use this flaw to compromise your online accounts (e.g., by stealing authentication cookies) via a man-in-the-middle attack. The flaw exploits a shortcoming in how padding is handled when SSLv3 uses the Cipher Block Chaining (CBC) mode. The vulnerability was assigned the Common Vulnerabilities and Exposures identifier CVE-2014-3566 and was discovered by Bodo Möller, Thai Duong, and Krzysztof Kotowicz. In this SOCTalk Video, Elastica walks through the mechanics of the Poodle vulnerability and explains its implications.
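The padding shortcoming mentioned above, as an added illustration that is not part of the original article or the video: SSLv3 specifies only the final padding-length byte of a CBC record, while TLS 1.0 and later require every padding byte to carry that value. The function names, the 8-byte block size and the sample blocks are assumptions constructed for this sketch.

```python
# Added illustration, not from the original article: padding validation only.
# No encryption happens here; inputs stand for an already-decrypted CBC record.

BLOCK = 8  # assumption: 64-bit block cipher (e.g. 3DES), so blocks are 8 bytes


def sslv3_padding_ok(plain: bytes) -> bool:
    """SSLv3 rule: only the last byte (the padding length) is specified."""
    if not plain or len(plain) % BLOCK:
        return False
    pad_len = plain[-1]
    # Padding must be shorter than one block; its other bytes may be anything.
    return pad_len < BLOCK


def tls_padding_ok(plain: bytes) -> bool:
    """TLS 1.0+ rule: every padding byte must equal the padding length."""
    if not plain or len(plain) % BLOCK:
        return False
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return False
    return all(b == pad_len for b in plain[-(pad_len + 1):])


# Constructed sample records (final plaintext block after decryption).
SAMPLES = {
    "well-formed": b"DATA\x03\x03\x03\x03",
    "arbitrary padding bytes": b"DATA\x9a\x11\xf0\x03",
    "full padding block, arbitrary": b"ABCDEFG\x07",
    "length byte too large": b"DATA\x00\x00\x00\x09",
}


def compare(samples=SAMPLES):
    """Return {name: (accepted_by_sslv3_rule, accepted_by_tls_rule)}."""
    return {name: (sslv3_padding_ok(p), tls_padding_ok(p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (ssl3, tls) in compare().items():
        print(f"{name:32} SSLv3={ssl3!s:5} TLS={tls}")
```

Samples that pass the SSLv3 rule but fail the TLS rule contain padding bytes that an SSLv3 receiver has no way to verify.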
