Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Endpoint Security

Management and Reporting

Secure Mobile Access

Secure Wireless

What is the POODLE attack?

12/20/2019 1128 12399

DESCRIPTION:
What is the POODLE attack?

RESOLUTION:

What is the POODLE attack?

A bug was discovered in the widely used Secure Socket Layer (SSL) v 3.0 cryptography protocol, also known as SSL v 3.0 (SSLv3). Systems and applications using SSL v 3.0 with Cipher Block Chaining (CBC) mode ciphers are at risk. This flaw was discovered by researchers at Google and they described how this flaw can be exploited by a method they called Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.

While the SSLv3 protocol is flawed, SSL certificates and their private key are fine. SSL certificates are not affected and do not need replacing.

SSLv3 is an older protocol that was introduce in around 1995 and has been replaced by Transport Layer Security (TLS), TLS v 1.0, TLS v 1.1, and TLS v 1.2. Even though SSLv3 is old, it is still supported by most internet browsers, servers and systems using OpenSSL. In most cases, systems that support TLS will fall back or downgrade to SSLv3 as the need arises. When a secure connection fails, most servers will downgrade to an older protocol such as SSLv3.

One possible attack scenario is where an attacker controls the network between the client computer and the server. They could manipulate the handshake used by the cryptography protocol to force the server into a so called “protocol downgrade dance”. The idea is to get the systems involved to use the older SSLv3 protocol to secure data being sent. The attackers could then exploit the bug with man-in-the-middle (MITM) attack to compromise secure cookies, which could lead to information thief or illegal access and control of a victim’s accounts.

Currently there is no fix for this vulnerability in SSLv3, the flaw is fundamental to the protocol of SSLv3. The solution is to disable the browers's usage of SSLv3 and SSLv2 if possible or using a browser version with SSLv3 removed. Researchers are also recommending patching servers and appliances with TLS_FALLBACK_SCSV, a protocol extension that prevents MITM attackers from being able to force a protocol downgrade.

This SSLv3 vulnerability is covered in the National Vulnerability Database CVE-2014-3566?
For More details on this discovery refer to https://www.openssl.org/~bodo/ssl-poodle.pdf

Was This Article Helpful?

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch