POODLE

POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014 (despite the paper being dated "September 2014" ). On December 8, 2014 a variation of the POODLE vulnerability that affected TLS was announced.

This article is about the security vulnerability. For the dog breed, see poodle.

POODLE
CVE identifier(s)CVE-2014-3566
Date discoveredOctober 14, 2014 (2014-10-14)
DiscovererBodo Möller, Thai Duong, Krzysztof Kotowicz (Google Security Team)
Affected softwareAny software that supports a fallback to SSL 3.0

The CVE-ID associated with the original POODLE attack is CVE-2014-3566. F5 Networks filed for CVE-2014-8730 as well, see POODLE attack against TLS section below.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.