Prevent SSL POODLE

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the TLS protocol version in use. Learn how to prevent SSL POODLE in this article!

Security Assessment

CVSS Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the TLS protocol version in use. Through a man-in-the-middle attack that forces a fallback to SSL 3.0, an attacker can expose data from encrypted connections.

Guides

To prevent the POODLE downgrade attack, make sure that TLS_FALLBACK_SCSV is enabled and that you only use a Secure TLS Configuration.
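
One way to verify the TLS_FALLBACK_SCSV point from the outside, as an added example that is not part of the original article: the script sends a ClientHello that offers TLS 1.1 together with the TLS_FALLBACK_SCSV cipher suite (0x5600, RFC 7507) and classifies the first record the server returns. The function names, result labels, cipher list and the choice of TLS 1.1 as the downgraded version are assumptions of this example.

```python
import os
import socket
import struct

TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite, RFC 7507
INAPPROPRIATE_FALLBACK = 86      # alert a compliant server must send
TLS1_1 = 0x0302                  # assumed to be below the server's best version

def build_client_hello(host, version=TLS1_1,
                       suites=(0xC013, 0xC014, 0x002F, 0x0035)):
    """ClientHello offering `version`, with TLS_FALLBACK_SCSV appended."""
    suites = struct.pack("!%dH" % (len(suites) + 1), *suites, TLS_FALLBACK_SCSV)
    name = host.encode("idna")
    # server_name extension: type, ext length, list length, name type, name length
    sni = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"   # empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # null compression
            + struct.pack("!H", len(sni)) + sni)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body    # 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first TLS record sent back by the server."""
    if len(data) < 6:
        return "no-response"
    if data[0] == 0x15 and len(data) >= 7:        # alert record: level, description
        if data[6] == INAPPROPRIATE_FALLBACK:
            return "scsv-enforced"                # downgrade detected and refused
        return "rejected-alert-%d" % data[6]      # e.g. 70: version disabled outright
    if data[0] == 0x16 and data[5] == 0x02:       # ServerHello
        # Finding: SCSV is ignored, or TLS 1.1 is the server's highest version.
        return "fallback-accepted"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the downgraded hello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(host))
        try:
            return classify_response(s.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return "no-response"

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```
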

For more information about Crashtest Security visit crashtest-security.com