POODLE Attack
Critical attack exploiting SSL 3.0 padding validation weaknesses...
What is the POODLE Attack?
POODLE (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566) is a vulnerability disclosed by Google researchers in October 2014 that exploits the way SSL 3.0 handles padding in CBC-mode cipher suites. An attacker positioned between client and server first interferes with the TLS handshake so that the client falls back to SSL 3.0, then uses the server's accept/reject behaviour on tampered records as a padding oracle. Given the ability to make the victim's browser issue requests of chosen length (for example through injected JavaScript), the attacker recovers secrets such as session cookies one byte at a time, at roughly 256 requests per byte. POODLE does not decrypt HTTPS traffic in bulk; it targets specific bytes at known positions in repeated requests.
How POODLE Exploits SSL 3.0
The attack combines several weaknesses:
- Downgrade: the attacker drops or corrupts the initial TLS handshake; browsers of the time retried with progressively older protocol versions until the connection was negotiated at SSL 3.0.
- Padding Oracle: in SSL 3.0 CBC mode the padding bytes are not covered by the MAC and are not checked at all; the receiver inspects only the final byte, which gives the padding length.
- Block Substitution: the attacker arranges the request so that the target byte is the last byte of some ciphertext block C_i and the record ends with a block consisting entirely of padding, then copies C_i over that final block. The server accepts the record only if the last decrypted byte happens to equal the expected padding length (15 for a 16-byte block cipher).
- Byte-at-a-time Recovery: each tampered record is accepted with probability 1/256, so about 256 requests are needed per byte. On acceptance the plaintext byte follows from the last bytes of the two ciphertext blocks involved: P_i[15] = 15 XOR C_{i-1}[15] XOR C_{n-2}[15], where C_{n-2} is the block immediately before the padding block. The attacker then shifts the request by one byte and repeats for the next position.
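The following simulation walks through the block-substitution step end to end: a "client" builds SSL 3.0-style records (MAC, then padding, then CBC), a "server" applies the SSL 3.0 padding check and MAC check, and an "attacker" who sees ciphertext and controls only the request lengths recovers a constructed secret byte by byte. This is an added example, not code from the original page or from the POODLE paper. Assumptions not on the page: a four-round Feistel toy cipher built from HMAC-SHA256 stands in for the real block cipher, HMAC-SHA256 stands in for the SSL 3.0 MAC, the secret `SECRET` and the key material are constructed, and each record gets a fresh random IV rather than SSL 3.0's chained IV. None of these change the padding-check logic being demonstrated.

```python
"""POODLE padding-oracle simulation (added example, not the page's own code)."""
import hashlib
import hmac
import secrets

BLOCK = 16
MAC_LEN = 32
SECRET = b"session=7f3a9c1d"  # constructed: the cookie the attacker is after


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Toy Feistel round function (assumption: stands in for AES/3DES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def client_record(enc_key, mac_key, prefix_len, suffix_len):
    """Victim browser: encrypt prefix || SECRET || suffix as SSL 3.0 does
    (MAC, then pad, then CBC).  The attacker chooses only the two lengths."""
    data = b"A" * prefix_len + SECRET + b"B" * suffix_len
    mac = hmac.new(mac_key, data, hashlib.sha256).digest()
    pad_len = BLOCK - 1 - (len(data) + MAC_LEN) % BLOCK
    # SSL 3.0: padding bytes are arbitrary; only the trailing length byte matters.
    plain = data + mac + secrets.token_bytes(pad_len) + bytes([pad_len])
    iv = secrets.token_bytes(BLOCK)  # assumption: random IV per record
    out, prev = [iv], iv
    for i in range(0, len(plain), BLOCK):
        prev = block_encrypt(enc_key, _xor(plain[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def server_accepts(enc_key, mac_key, record):
    """Server: CBC-decrypt, apply the SSL 3.0 padding check, verify the MAC."""
    blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
    plain = b"".join(_xor(block_decrypt(enc_key, c), p)
                     for p, c in zip(blocks, blocks[1:]))
    pad_len = plain[-1]
    # The only thing SSL 3.0 checks about the padding is this length byte.
    if pad_len >= BLOCK or pad_len + 1 + MAC_LEN > len(plain):
        return False
    body = plain[:len(plain) - pad_len - 1]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


def poodle_recover(enc_key, mac_key, max_attempts=65536):
    """Attacker: sees ciphertext, steers request lengths, watches accept/reject."""
    recovered = bytearray()
    attempts = 0
    for k in range(len(SECRET)):
        prefix_len = (BLOCK - 1 - k) % BLOCK  # SECRET[k] becomes last byte of its block
        suffix_len = (-(prefix_len + len(SECRET) + MAC_LEN)) % BLOCK  # full padding block
        target = (prefix_len + k) // BLOCK + 1  # +1 because index 0 is the IV
        while True:
            attempts += 1
            if attempts > max_attempts:
                raise RuntimeError("oracle never accepted a tampered record")
            rec = client_record(enc_key, mac_key, prefix_len, suffix_len)
            blocks = [rec[i:i + BLOCK] for i in range(0, len(rec), BLOCK)]
            blocks[-1] = blocks[target]  # copy C_i over the all-padding block
            if server_accepts(enc_key, mac_key, b"".join(blocks)):
                # Accepted, so P_i[15] ^ C_{i-1}[15] ^ C_{n-2}[15] == BLOCK - 1.
                recovered.append((BLOCK - 1) ^ blocks[target - 1][-1] ^ blocks[-2][-1])
                break
    return bytes(recovered), attempts


def demo():
    """Generate keys, run the attack, return (recovered_secret, attempts_used)."""
    enc_key, mac_key = secrets.token_bytes(16), secrets.token_bytes(16)
    assert server_accepts(enc_key, mac_key, client_record(enc_key, mac_key, 3, 5))
    return poodle_recover(enc_key, mac_key)


if __name__ == "__main__":
    secret, n = demo()
    print(f"recovered {secret!r} after {n} requests ({n / len(SECRET):.0f} per byte)")
```

Run it a few times and the request count hovers around 256 per byte, which is the cost the paper gives. Note that the attacker never touches a key: the only feedback is whether the server accepted the tampered record, which in real SSL 3.0 is visible as a normal response versus a fatal alert and connection teardown.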
Prevention and Mitigation
POODLE is prevented by disabling SSL 3.0 completely on both clients and servers; modern browsers and web servers should offer only TLS 1.2 or later. TLS_FALLBACK_SCSV (Signaling Cipher Suite Value, RFC 7507) addresses the downgrade step: a client that is retrying with a lower version includes the value in its handshake, and a server that supports the higher version aborts the connection. It only helps when both ends implement it and does not make SSL 3.0 itself safe, so it is a complement to disabling the protocol rather than a substitute. Keep TLS implementations patched as well: some TLS 1.x stacks that likewise failed to verify padding bytes were found vulnerable to the same technique shortly after the original disclosure.
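To show the weak and corrected server settings side by side, here is an added audit helper (not from the original page) that evaluates nginx `ssl_protocols` and Apache httpd `SSLProtocol` directives and flags anything older than TLS 1.2. The two config fragments are constructed and mix one nginx line and one httpd line each for brevity; in practice they live in separate files. The directive syntax follows the real products: nginx lists enabled versions explicitly, while httpd accepts `all` plus `+`/`-` modifiers.

```python
"""Audit TLS protocol directives for SSL 3.0 (added example, not the page's code)."""
import re

# httpd's 'all' keyword expands to every version the OpenSSL build still has.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed fragments: SSL 3.0 still enabled (POODLE-exposed).
WEAK_CONFIG = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # nginx
SSLProtocol all                              # httpd: 'all' keeps SSLv3
"""

# Constructed fragments: SSL 3.0 (and TLS 1.0/1.1) removed.
FIXED_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;               # nginx
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1       # httpd
"""


def apache_protocols(spec):
    """Evaluate an httpd SSLProtocol argument list into the enabled set."""
    enabled = set()
    for tok in spec.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = APACHE_ALL if name.lower() == "all" else {name}
        if sign == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def audit_tls_config(text):
    """Return (line_no, directive, enabled_set, weak_set) per protocol directive.

    A file with no directive at all is not reported: it inherits the build's
    default, which this text-only audit cannot see, so check it separately.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.split("#", 1)[0].strip().rstrip(";").strip()
        m = re.match(r"(ssl_protocols|SSLProtocol)\s+(.+)$", stripped)
        if not m:
            continue
        directive, spec = m.group(1), m.group(2)
        enabled = apache_protocols(spec) if directive == "SSLProtocol" else set(spec.split())
        findings.append((n, directive, enabled, enabled & WEAK))
    return findings


def has_weak_protocols(text):
    return any(weak for _, _, _, weak in audit_tls_config(text))


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        for n, directive, enabled, weak in audit_tls_config(cfg):
            print(f"{label:5} line {n}: {directive} -> enabled={sorted(enabled)} weak={sorted(weak)}")
```

A passing audit says only that the configuration does not ask for SSL 3.0; the running binary can still be checked from outside with a scanner such as the nmap `ssl-poodle` script, or by attempting an SSL 3.0 handshake with an OpenSSL build that still supports it.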
Where You'll See This Term
This term commonly appears in:
- SSL certificate details pages
- Certificate Authority validation processes
- SSL configuration documentation
- Security audit reports
- Certificate management interfaces