Definition

POODLE (Padding Oracle On Downgraded Legacy Encryption)

Contributor(s): Madelyn Bacon

POODLE (Padding Oracle On Downgraded Legacy Encryption) is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.

While Transport Layer Security (TLS) is now more widely used, popular Web browsers such as Mozilla Firefox and Google Chrome commonly revert to SSL 3.0 when a TLS connection is unavailable. In these cases, SSL 3.0 uses the RC4 encryption cipher and allows attackers to break through the encryption and access the contents of HTTPS cookies. In certain circumstances, attackers can exploit POODLE to decrypt Web browser authentication cookies and reveal potentially sensitive information. However, to do this, an attacker must achieve a man-in-the-middle position between the client and the server through a separate exploit. In nearly all cases it also requires the client browser to have JavaScript enabled.

OpenSSL released a patch for POODLE in October 2014 to assist in the mitigation of the vulnerability. The only other technique for preventing POODLE attacks is to stop the use of SSL 3.0 altogether.

 

This was last updated in October 2014

Continue Reading About POODLE (Padding Oracle On Downgraded Legacy Encryption)

Dig Deeper on Emerging cyberattacks and threats

This Content Component encountered an error
This Content Component encountered an error

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close