The Password Safe
|
|
You are here: Vulnerability responses
>
Poodle
PoodleAnd here is another one: CVE-2014-3566 - or better known as the "poodle" vulnerability. Long story short: A newly discovered weakness in the SSL protocol allows an attacker (who can read and manipulate network traffic) to sneak into any SSL secured connection. But only if the server can be tricked to downgrade to an old outdated SSL protocol version. This may affect any application that uses SSL. In case of websites, you can at least configure your browser to support only protocols that are not affected by the vulnerability. You can use this site to check if your browser is affected: https://www.poodletest.com/. Check out http://en.wikipedia.org/wiki/POODLE on the matter. You can use this site to check if a server is affected: http://www.poodlescan.com/. Of course, passvault.net has been secured immediately after the news were spread. |