Definition

POODLE (Padding Oracle On Downgraded Legacy Encryption)

Contributor(s): Madelyn Bacon

POODLE (Padding Oracle On Downgraded Legacy Encryption) is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.

While Transport Layer Security (TLS) is now more widely used, popular Web browsers such as Mozilla Firefox and Google Chrome commonly revert to SSL 3.0 when a TLS connection is unavailable. In these cases, SSL 3.0 uses the RC4 encryption cipher and allows attackers to break through the encryption and access the contents of HTTPS cookies. In certain circumstances, attackers can exploit POODLE to decrypt Web browser authentication cookies and reveal potentially sensitive information. However, to do this, an attacker must achieve a man-in-the-middle position between the client and the server through a separate exploit. In nearly all cases it also requires the client browser to have JavaScript enabled.

OpenSSL released a patch for POODLE in October 2014 to assist in the mitigation of the vulnerability. The only other technique for preventing POODLE attacks is to stop the use of SSL 3.0 altogether.
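One way to confirm that a server has stopped using SSL 3.0 is to offer it an SSL 3.0-only ClientHello and see whether it answers with a ServerHello or refuses. The sketch below is an added example, not code from this page or from OpenSSL; the function names, the cipher suite offer and the sample replies are constructed for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSL 3.0 version bytes on the wire
# Constructed offer of common SSL 3.0-era suites: AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
SUITES = struct.pack(">4H", 0x002F, 0x0035, 0x000A, 0x0005)

def build_sslv3_client_hello() -> bytes:
    """Return one SSL 3.0 record carrying a ClientHello (no extensions)."""
    body = SSL3 + os.urandom(32)                 # client_version + random
    body += b"\x00"                              # empty session id
    body += struct.pack(">H", len(SUITES)) + SUITES
    body += b"\x01\x00"                          # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Classify the first record of the server's reply."""
    if len(data) < 5:
        return "refused"                         # closed without sending a record
    rec_type, length = data[0], struct.unpack(">H", data[3:5])[0]
    payload = data[5:5 + length]
    if rec_type == 0x15:                         # alert record
        return "refused"
    if rec_type == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: bytes 4-5 of the handshake message hold server_version
        return "ssl3-accepted" if payload[4:6] == SSL3 else "other-version"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            return classify_response(s.recv(4096))
    except (ConnectionResetError, socket.timeout):
        return "refused"

# Constructed sample replies (not captured traffic); the ServerHello is
# truncated after server_version because only that field is inspected.
SAMPLE_SERVER_HELLO = b"\x16\x03\x00\x00\x06" + b"\x02\x00\x00\x02" + SSL3
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"   # fatal handshake_failure
```

A result of `ssl3-accepted` from `probe()` means the server still negotiates SSL 3.0 and the protocol has not been disabled there.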


This was last updated in October 2014
