Tag Archives: SSLv3

What is POODLE SSLv3 Vulnerability?

On the fourteenth of October, 2014, a dangerous vulnerability of SSLv3 encryption protocol called POODLE (Padding Oracle On Downgraded Legacy Encryption) was detected. It allows a cracker to get the information encoded by this version of the protocol using man-in-the-middle attack. To be more precise, this bug is a possibility of Padding Oracle attack that allows an attacker to send their data to the server via SSLv3 in the name of the victim and decrypt 1 byte per 256 requests.

Theoretically, the attack can be implemented on any service that supports SSLv3 protocol. Moreover, the attacker can intentionally force the client to connect via SSLv3 More →