[security-announce] SSL 3.0 [RFC6101] SSLv3 POODLE vulnerability CVE-2014-3566

Sona Sarmadi sona.sarmadi at enea.com
Wed Oct 15 08:23:50 CEST 2014


=================================================================== 
Enea Security Advisory
Product: SSL v3
Severity: Critical
Issue date: 2014-10-15
CVE Name: CVE-2014-3566 SSLv3 POODLE vulnerability
=================================================================== 

This vulnerability, named POODLE (Padding Oracle On Downgraded Legacy Encryption), allows the plain text of secure connections to be calculated by a network attacker. The vulnerability was discovered by Google researchers Bodo Möller. 
 

SSLv3 is deemed to be an insecure protocol. We recommend that our customers disable SSLv3 wherever possible. This includes disabling SSLv3 in both server and client implementations.

References 
=========
https://www.openssl.org/~bodo/ssl-poodle.pdf 
http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html


Contact info
=========
If you have any questions regarding this security advisory, please contact sona.sarmadi at enea.com or security at enea.com.

Sona Sarmadi
Security Responsible for Enea Linux
Enea
Jan Stenbecks torg 17,
Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071  4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com 
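
Added example (not part of the original advisory, and not Enea code): after disabling SSLv3 on a server, an administrator can confirm the change by looking at what the server answers to an SSLv3-only handshake. The sketch below parses a captured server reply and reports whether it is a ServerHello that selected SSL 3.0 (version 0x0300) or an alert refusing the handshake. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# Protocol version codes as they appear on the wire (major, minor).
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
HANDSHAKE_SERVER_HELLO = 2


def classify_server_reply(data: bytes) -> str:
    """Return the version chosen in a ServerHello, or 'alert:<code>' if refused."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    if ctype == CONTENT_ALERT:
        if length < 2:
            raise ValueError("truncated alert")
        return f"alert:{body[1]}"  # body[0] is the level, body[1] the description
    if ctype != CONTENT_HANDSHAKE or len(body) < 6 or body[0] != HANDSHAKE_SERVER_HELLO:
        raise ValueError("not a ServerHello or alert record")
    # Handshake header is 1 byte type + 3 bytes length; server_version follows.
    (negotiated,) = struct.unpack("!H", body[4:6])
    return VERSIONS.get(negotiated, f"unknown:0x{negotiated:04x}")


def accepts_sslv3(data: bytes) -> bool:
    """True if the reply shows the server agreed to speak SSL 3.0."""
    return classify_server_reply(data) == "SSLv3"


def build_server_hello(version: int) -> bytes:
    """Construct a minimal ServerHello record for testing (constructed sample)."""
    # version, 32-byte random, empty session id, one CBC cipher suite, null compression
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x35" + b"\x00"
    handshake = bytes([HANDSHAKE_SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", CONTENT_HANDSHAKE, version, len(handshake)) + handshake


# Constructed samples: a server still accepting SSLv3, one answering with
# TLS 1.2, and one refusing with a fatal alert (description 40).
SAMPLE_SSLV3 = build_server_hello(0x0300)
SAMPLE_TLS12 = build_server_hello(0x0303)
SAMPLE_REFUSED = struct.pack("!BHHBB", CONTENT_ALERT, 0x0300, 2, 2, 40)

if __name__ == "__main__":
    for name, raw in [("sslv3", SAMPLE_SSLV3), ("tls12", SAMPLE_TLS12), ("refused", SAMPLE_REFUSED)]:
        print(name, classify_server_reply(raw), "VULNERABLE" if accepts_sslv3(raw) else "ok")
```
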
