SSL 3.0 Fallback Exploit – aka POODLE

Google published a Security Advisory that discusses how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.

The attack requires an SSL 3.0 connection to be established, so disabling the SSL 3.0 protocol in the client or in the server (or both) will completely avoid it. If either side supports only SSL 3.0, then all hope is gone, and a serious update is required to avoid insecure encryption. If SSL 3.0 is neither disabled nor the only possible protocol version, then the attack is possible if the client uses a downgrade dance for interoperability.
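The three cases above follow from how version negotiation and the fallback retry interact. The Python model below is an added example, not code from the advisory: the `Proto` enum, the function names and the simplified handshake (highest shared version wins, and a client doing the downgrade dance retries with a lower cap after a failure) are assumptions made for illustration, and it generalizes slightly by treating "SSL 3.0 is the only shared version" the same as "one side supports only SSL 3.0".

```python
from enum import IntEnum

class Proto(IntEnum):
    SSL3 = 0
    TLS10 = 1
    TLS11 = 2
    TLS12 = 3

def negotiate(client, server, client_max):
    """One handshake: highest version both sides support, capped by the client's offer."""
    shared = {v for v in client if v <= client_max} & set(server)
    return max(shared) if shared else None

def weakest_reachable(client, server, downgrade_dance):
    """Lowest version the connection can land on when every handshake
    above it is made to fail somewhere on the network path."""
    result = negotiate(client, server, max(client))
    if result is None or not downgrade_dance:
        return result  # no retry logic: the first handshake is the only one
    # Downgrade dance: after each failure the client retries with a lower cap.
    for cap in sorted(client, reverse=True):
        attempt = negotiate(client, server, cap)
        if attempt is not None:
            result = attempt
    return result

def poodle_exposure(client, server, downgrade_dance):
    """Classify a client/server pair into the cases described in the text."""
    first = negotiate(client, server, max(client))
    if first is None:
        return "no shared protocol version"
    if first == Proto.SSL3:
        return "always SSL 3.0: update required"
    if weakest_reachable(client, server, downgrade_dance) == Proto.SSL3:
        return "exposed: fallback can reach SSL 3.0"
    return "not exposed via fallback"

if __name__ == "__main__":
    ALL = set(Proto)                 # constructed sample configurations
    NO_SSL3 = ALL - {Proto.SSL3}
    cases = [(ALL, ALL, True), (NO_SSL3, ALL, True),
             (ALL, {Proto.SSL3}, False), (ALL, ALL, False)]
    for client, server, dance in cases:
        print(sorted(v.name for v in client), sorted(v.name for v in server),
              "dance" if dance else "no dance", "->",
              poodle_exposure(client, server, dance))
```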

Read more about POODLE here – https://www.openssl.org/~bodo/ssl-poodle.pdf

Go here to find out how to disable SSLv3 support in your browser – https://zmap.io/sslv3/browsers.html#chrome-windows
