SSL 3.0 Fallback Exploit – aka POODLE

Google published a Security Advisory that discusses how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.

The attack requires an SSL 3.0 connection to be established, so disabling the SSL 3.0 protocol in the client or in the server (or both) will completely avoid it. If either side supports only SSL 3.0, then all hope is gone, and a serious update is required to avoid insecure encryption. If SSL 3.0 is neither disabled nor the only possible protocol version, then the attack is possible if the client uses a downgrade dance for interoperability.
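The three cases above can be checked against a small model of version negotiation; this is an added example, not code from the advisory or from this post. The function names, the sample configurations and the simplified handshake are assumptions: the server answers with its highest version at or below the client's offer, and network interference is modelled as every handshake above SSL 3.0 failing.

```python
from enum import IntEnum

class V(IntEnum):
    SSL3 = 0x0300
    TLS10 = 0x0301
    TLS11 = 0x0302
    TLS12 = 0x0303

def negotiate(offer, client_enabled, server_enabled):
    """One handshake: the server answers with its highest version <= the offer."""
    candidates = [v for v in server_enabled if v <= offer]
    if not candidates:
        return None                      # server has nothing at or below the offer
    chosen = max(candidates)
    return chosen if chosen in client_enabled else None

def connect(client_enabled, server_enabled, fallback, interfered):
    """Return the version a connection ends up on, or None if it fails."""
    offers = sorted(client_enabled, reverse=True)
    if not fallback:
        offers = offers[:1]              # no downgrade dance: one attempt only
    for offer in offers:
        agreed = negotiate(offer, client_enabled, server_enabled)
        if agreed is None:
            continue                     # handshake failed, dance retries lower
        if interfered and agreed > V.SSL3:
            continue                     # handshake disrupted on the network
        return agreed
    return None

def assess(client_enabled, server_enabled, fallback):
    """Classify a client/server pair into the three cases from the text."""
    if connect(client_enabled, server_enabled, fallback, False) == V.SSL3:
        return "ssl3-always"             # one side supports only SSL 3.0
    if connect(client_enabled, server_enabled, fallback, True) == V.SSL3:
        return "ssl3-on-downgrade"       # reachable only via the downgrade dance
    return "no-ssl3"                     # SSL 3.0 can never be established

# Constructed sample configurations (assumptions, not measured data).
MODERN = {V.TLS10, V.TLS11, V.TLS12}     # SSL 3.0 disabled
LEGACY = MODERN | {V.SSL3}               # SSL 3.0 still enabled

if __name__ == "__main__":
    for name, c, s, fb in [("both legacy, fallback", LEGACY, LEGACY, True),
                           ("both legacy, no fallback", LEGACY, LEGACY, False),
                           ("server disabled SSLv3", LEGACY, MODERN, True),
                           ("server SSLv3-only", LEGACY, {V.SSL3}, False)]:
        print(f"{name:26} -> {assess(c, s, fb)}")
```

Disabling SSL 3.0 on one side is enough to reach `no-ssl3`, which is why the browser-side setting linked below works even against servers that still offer it.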

Read more about POODLE here – https://www.openssl.org/~bodo/ssl-poodle.pdf

Go here to find out how to disable SSLv3 support in your browser – https://zmap.io/sslv3/browsers.html#chrome-windows
