A remarkable flaw was found in version 3 of the SSL protocol. The vulnerability known as Poodle (Padding Oracle On Downgraded Legacy Encryption) allows attackers to decrypt data that you may have thought was being transmitted over a secure HTTPS / SSL connection. The result is that attackers can use this flaw to compromise your online accounts (e.g., by stealing authentication cookies) via a man-in-the-middle attack. The flaw exploits a shortcoming in how padding is handled within the use of the Cipher Block Chaining (CBC) mode within SSLv3. The vulnerability was assigned Common Vulnerabilities and Exposures / CVE-2014-3566. And it was discovered by Bodo Moller, Thai Duong, Krzysztof Kotowicz. In this SOCTalk Video, Elastica's CTO Dr. Zulfikar Ramzan walks through the mechanics of the Poodle vulnerability and explains its implications.
Thanks for watching!
Follow us on social media: