POODLE SSL 3.0 Attack


Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer (SSL) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites.

Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer.

Researchers dubbed the attack as "POODLE," stands for Padding Oracle On Downgraded Legacy Encryption, which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords.
 
 
Share on Google Plus

About Blurffy

Just another internet folk who want to share random softwares, movies and any kind of things in the internet.
    Blogger Comment

0 comments:

Post a Comment