CVE-2014-3566
In short
SSL 3.0 has a weakness in how it validates CBC encryption padding that lets an attacker who can intercept and modify a connection decrypt parts of the encrypted traffic. This flaw, known as POODLE, affects older systems that still allow SSL 3.0 today.
Technical detail
SSL 3.0 implements nondeterministic CBC padding, enabling padding-oracle attacks in which a MITM attacker can systematically decrypt ciphertext by observing whether padding validation succeeds or fails. Exploitation requires the attacker to intercept and manipulate client-server traffic, typically by forcing a protocol downgrade from TLS to SSL 3.0.
Summary generated and translated by AI from the official description.
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected products
n/a
References
https://support.apple.com/kb/HT6531
http://marc.info/?l=bugtraq&m=142103967620673&w=2
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://www.securitytracker.com/id/1031090
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
http://rhn.redhat.com/errata/RHSA-2014-1880.html
http://marc.info/?l=bugtraq&m=142804214608580&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
http://www.kb.cert.org/vuls/id/577193
http://marc.info/?l=bugtraq&m=141577087123040&w=2
http://marc.info/?l=bugtraq&m=141715130023061&w=2
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html