POODLE SSLv3.0 Vulnerability CVE-2014-3566

Last Updated: May 4, 2020

For a few days, rumors had been circulating about a new SSLv3 vulnerability. It was confirmed yesterday by the Google Security team, who released the details of the vulnerability. See CVE-2014-3566.

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

You must disable SSLv3.0 or CBC-mode ciphers with SSLv3.0 to mitigate the issue. You should make sure to do this for all your services, including third-party services like Amazon AWS CloudFront.
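To confirm the mitigation on a service you operate, the following added example (not part of the original post) sends an SSLv3 ClientHello that offers only CBC-mode suites and reports whether the server accepts it. The function names and the choice of the three RSA CBC suites are assumptions made for this example.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"
# CBC-mode suites commonly negotiated under SSLv3 (assumed list for this check):
# RSA_3DES_EDE_CBC_SHA, RSA_AES_128_CBC_SHA, RSA_AES_256_CBC_SHA
CBC_SUITES = (0x000A, 0x002F, 0x0035)

def build_client_hello(suites=CBC_SUITES):
    """SSLv3 ClientHello record offering only `suites` (no extensions, so no SNI)."""
    body = SSL3 + os.urandom(32) + b"\x00"        # client_version, random, empty session id
    body += struct.pack(">H", 2 * len(suites))    # cipher suite list length in bytes
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                           # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first bytes the server sent back."""
    if len(data) >= 7 and data[0] == 0x15:        # alert record: handshake refused
        return "rejected"
    # handshake record, ServerHello, server_version 3.0
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "sslv3-cbc-accepted"               # neither mitigation is in place
    return "inconclusive"                         # silent close, timeout, non-TLS reply

def probe(host, port=443, timeout=5.0):
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            while len(data) < 11:                 # enough to read server_version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:                               # refused, reset or timed out
        pass
    return classify_response(data)

if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(host, port, probe(host, port))
```

Run it against each listener separately (for example the origin and the CDN endpoint in front of it); because the hello carries no SNI, name-based virtual hosts answer with their default configuration.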
