The POODLE vulnerability is back. It has been discovered that this same vulnerability applies to certain versions of TLS as well.
Update 15-Oct-14:
As if the system admins weren't already sick and tired of patching (Heartbleed and then Shellshock), here comes another vulnerability.
It is now a trend to give your discovered vulnerability a fancy name, and so Google (the discoverer) calls it POODLE, which stands for: Padding Oracle On Downgraded Legacy Encryption.
And no, this isn't even half as bad as Heartbleed or Shellshock:
- The vulnerability is present in SSL v3 and earlier.
- This vulnerability does not put the servers at risk, but the clients.
- This vulnerability's prerequisite is for the attacker to have network-level access to the victim. So, either a MITM, sniffing Wi-Fi connections, or being the NSA with hooks in the data centers.
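
Since the exposure depends on a connection actually being negotiated as SSL v3, a defender can check captured handshakes for it. The following is an added example, not part of the original post: it reads the negotiated version out of a raw ServerHello record and flags SSL v3 (wire version 3.0). The function names and the sample bytes are constructed for illustration, and it covers only the SSL v3 case, not the TLS variant mentioned in the update.

```python
import struct

SSL3 = (3, 0)  # SSL v3 is version 3.0 on the wire; TLS 1.0 is 3.1, and so on
NAMES = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_server_hello(data: bytes):
    """Return (version, cipher_suite) from a raw ServerHello record.

    Raises ValueError on anything that is not a complete ServerHello.
    """
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != 0x16:                       # 0x16 = handshake record
        raise ValueError("not a handshake record")
    body = data[5:5 + rlen]
    # handshake header (4) + version (2) + random (32) + session id length (1)
    if len(body) < rlen or len(body) < 39:
        raise ValueError("truncated handshake")
    if body[0] != 0x02:                     # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    version = (body[4], body[5])            # version the server selected
    off = 39 + body[38]                     # skip the variable-length session id
    if len(body) < off + 2:
        raise ValueError("truncated after session id")
    (suite,) = struct.unpack("!H", body[off:off + 2])
    return version, suite

def negotiated_sslv3(data: bytes) -> bool:
    """True when the server agreed to SSL v3 for this connection."""
    version, _suite = parse_server_hello(data)
    return version == SSL3

def build_sample(version, suite=0x002F):
    """Constructed ServerHello for testing: zero random, empty session id."""
    hello = bytes(version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for v in [(3, 0), (3, 1), (3, 3)]:
        flag = "FLAG" if negotiated_sslv3(build_sample(v)) else "ok"
        print(NAMES[v], flag)
```
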