POODLE attack is an exploit that Will take advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit.

POODLE can be used to target browser-based communication that relies on the Secure Sockets Layer (SSL) 3.0 protocol for encryption and authentication. The Transport Layer Security (TLS) protocol has largely replaced SSL for secure communication on the Internet, but many browsers will revert to SSL 3.0 when a TLS connection is unavailable. An attacker who wants to exploit POODLE takes advantage of this by inserting himself into the communication session and forcing the browser to use SSL 3.0.

Apple, Google, Mozilla and Microsoft have all announced plans to stop supporting SSL 3.0 in the near future.

Test using https://.poodletest.com

If you see a poodle, you have some cleaning up to do.


What Does POODLE Do?

POODLE tries to force the connection between your web browser and the server to downgrade to SSLv3. If it does that, the attacker can get the plain text information from the communication. That means that they can access cookies which are often used to store information.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.