Prevent SSL POODLE

Borislav Kiprin

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. Learn how to prevent SSL POODLE in this article!

Security Assessment

CVSS Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. With the Man-In-The-Middle attack using the SSL 3.0 Fallback, an attacker can expose data of encrypted connections.

Guides

To prevent the POODLE downgrade attack, make sure that TLS_FALLBACK_SCSV is enabled and you only use a Secure TLS Configuration.

Prevent SSL POODLE

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. Learn how to prevent SSL POODLE in this article!

Security Assessment

Vulnerability Information

Guides

For more information about Crashtest Security visit crashtest-security.com

Offer

Resources

Legal

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is fallback attack that tries to downgrade the used TLS protocol version. Learn how to prevent SSL POODLE in this article!

Security Assessment

Vulnerability Information

Guides

For more information about Crashtest Security visit crashtest-security.com

Related Articles

Prevent SSL LOGJAM

LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512...

Enable HSTS

The webserver does not offer HTTP Strict Transport Security (HSTS). HSTS enforces HTTPS connections. This prevents downgrade attacks to an insecure HTTP connection.

...

Offer

Resources

Legal