The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. Learn how to prevent SSL POODLE in this article!
Security Assessment
CVSS Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Information
The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. With the Man-In-The-Middle attack using the SSL 3.0 Fallback, an attacker can expose data of encrypted connections.
Guides
To prevent the POODLE downgrade attack, make sure that TLS_FALLBACK_SCSV is enabled and you only use a Secure TLS Configuration.
For more information about Crashtest Security visit crashtest-security.com
