Home / Early Warning / Cybersecurity Highlights / Poodle: exploiting SSL 3.0

Poodle: exploiting SSL 3.0

10/14/2014

Published a new attack against the obsolete and unsecured version 3.0 of the SSL cryptographic protocol, called POODLE (Padding Oracle On Downgraded Legacy Encryption). Taking advantage of the backward compatibility supported by many TLS implementations, it is possible to force a fallback to SSL 3.0, which would allow an attacker to "calculate" the plain text of HTTPS tokens or cookies and perform actions such as hijacking sessions or authenticating like other users.

In December 2014 it was published that some implementations of Transport Layer Security (TLS) are also vulnerable to POODLE attack.