0092 - 313-4567341

SSL3 “POODLE” Vulnerability

  Zahid Mughal   Nov 26, 2014   Blog   0 Comment

poodle

Description

POODLE which stands for “Padding Oracle On Downgraded Legacy Encryption”, describes a security vulnerability in the SSL Version 3 cryptogram used by older Internet browsers. If you’re not a developer, SSL is what your web browser uses to securely send data to web servers when you’re entering information like credit cards. When you see the green HTTPS appear in Chrome, you’re communicating via SSL.
The POODLE vulnerability was identified and released in September 2014 by the Google Security Team.It is an attack on the SSL 3.0 protocol and it is a protocol flaw, not an implementation issue; every implementation of SSL 3.0 suffers from it.

Attack Scenario

The attack requires to be able to inject data of their own, and to intercept the encrypted bytes. The only plausible context where such a thing happens is a Web browser. In that case, Poodle is, like BEAST and CRIME, an attack on the client, not on the server.

What we need to secure our application from this vulnerability?

Your vendor publishes security fixes; install them. Install the patches. All the patches. Do that. For Poodle and for all other vulnerabilities. You cannot afford not to install them, and that is not new. You should already be doing that.

About Zahid Mughal

I have rich experience in WordPress Speed Optiomization which includes optimization of images, css, js, database and code. i’m also working as full-stack wordpress developer to provide PSD to HTML pixel perfect themes development, Plugins development. I’m also Certified (C|EH v.9) Ethical Hacker and having excellent skills in WordPress websites security, malware removal techniques, white-list websites from Google Black-list database. I’m also Top Ranked Website Security Analyst (Penetration Tester) Over $200k Earned at Upwork (2012-present) with both freelancing and agency profile. In WordPress website security, i mostly follow the best techniques to find and remove the vulnerabilities, backdoor from plugins, codes and database. WordPress website Code Audit is one of my favourite job.

Post a Comment

Your email address will not be published. Required fields are marked *

*

Magentogems
Delta Road, Sharif Colony Gujranwala, 52250 +92-313-4567341