POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack

POODLE is a security bug that can be exploited through a man-in-the-middle attack. This web application supports SSLv3 and CBC-mode ciphers and is potentially vulnerable to an active man-in-the-middle attack, also called the POODLE attack. A network attacker can extract the plaintext of targeted parts of an SSL connection. This usually includes cookie data.

Impact

A man-in-the-middle attack will be the most expensive breach resulting from this vulnerability.

Mitigation / Precaution

The following measures address the vulnerability:

  • Use browsers and servers that support TLS_FALLBACK_SCSV negotiation.
  • Disable SSLv2 and SSLv3 entirely.
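
To confirm that SSLv3 is actually disabled, the following added example (not part of the original advisory) sends an SSLv3 ClientHello offering only CBC suites to a server you administer and classifies the first record it returns. The function names and result labels are assumptions chosen for this example.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# CBC-mode cipher suites (IANA code points) offered in the probe
CBC_SUITES = {0x000A: "RSA_3DES_EDE_CBC_SHA",
              0x002F: "RSA_AES_128_CBC_SHA",
              0x0035: "RSA_AES_256_CBC_SHA"}

def build_sslv3_client_hello(random=None):
    """Return an SSLv3 ClientHello record offering only CBC suites."""
    random = random or os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (SSL3 + random + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first record a server sends in answer to the hello."""
    if len(data) < 5:
        return "no-reply"
    rec_type, payload = data[0], data[5:]
    if rec_type == 0x15:                             # alert record: handshake refused
        return "sslv3-rejected"
    if rec_type != 0x16 or len(payload) < 39 or payload[0] != 0x02:
        return "unexpected"
    sid_len = payload[38]                            # follows version (2) + random (32)
    suite_bytes = payload[39 + sid_len:41 + sid_len]
    if payload[4:6] != SSL3 or len(suite_bytes) != 2:
        return "unexpected"
    suite = struct.unpack("!H", suite_bytes)[0]
    if suite in CBC_SUITES:
        return "sslv3-cbc-accepted:" + CBC_SUITES[suite]
    return "unexpected"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify its answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv3_client_hello())
            return classify_reply(sock.recv(4096))
    except OSError:                                  # reset, timeout, refused
        return "no-reply"
```

A result beginning with `sslv3-cbc-accepted` means the server still negotiates SSLv3 with a CBC suite and the second mitigation has not been applied.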
