- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
What is the POODLE attack?
12/20/2019 
1,128 People found this article helpful
140,679 Views
Description
What is the POODLE attack?
Resolution
What is the POODLE attack?
A bug was discovered in the widely used Secure Socket Layer (SSL) v 3.0 cryptography protocol, also known as SSL v 3.0 (SSLv3). Systems and applications using SSL v 3.0 with Cipher Block Chaining (CBC) mode ciphers are at risk. This flaw was discovered by researchers at Google and they described how this flaw can be exploited by a method they called Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.
While the SSLv3 protocol is flawed, SSL certificates and their private key are fine. SSL certificates are not affected and do not need replacing.
SSLv3 is an older protocol that was introduce in around 1995 and has been replaced by Transport Layer Security (TLS), TLS v 1.0, TLS v 1.1, and TLS v 1.2. Even though SSLv3 is old, it is still supported by most internet browsers, servers and systems using OpenSSL. In most cases, systems that support TLS will fall back or downgrade to SSLv3 as the need arises. When a secure connection fails, most servers will downgrade to an older protocol such as SSLv3.
One possible attack scenario is where an attacker controls the network between the client computer and the server. They could manipulate the handshake used by the cryptography protocol to force the server into a so called “protocol downgrade dance”. The idea is to get the systems involved to use the older SSLv3 protocol to secure data being sent. The attackers could then exploit the bug with man-in-the-middle (MITM) attack to compromise secure cookies, which could lead to information thief or illegal access and control of a victim’s accounts.
Currently there is no fix for this vulnerability in SSLv3, the flaw is fundamental to the protocol of SSLv3. The solution is to disable the browers's usage of SSLv3 and SSLv2 if possible or using a browser version with SSLv3 removed. Researchers are also recommending patching servers and appliances with TLS_FALLBACK_SCSV, a protocol extension that prevents MITM attackers from being able to force a protocol downgrade.
- This SSLv3 vulnerability is covered in the National Vulnerability Database CVE-2014-3566?
- For More details on this discovery refer to https://www.openssl.org/~bodo/ssl-poodle.pdf
Related Articles
- How to export Dictionaries on SonicWall Email Security (only after 10.0.10)
- How to submit False Positives ad False Negatives directly from the SonicWall Email security appliance (Only after the firmware version 10.0.10)
- User level allowed list on SonicWall Email Security
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO