Slashdot Mirror

← Back to Stories (view on slashdot.org)

POODLE Flaw Returns, This Time Hitting TLS Protocol

Posted by Soulskill on Monday December 8, 2014 @08:30PM from the its-bite-is-worse-than-its-bark dept.

angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.

2 of 54 comments (clear)

Min score:

Reason:

Sort:

Test your site with this by cyrus0101 · 2014-12-08 20:57 · Score: 5, Informative

The article references the SSL Labs tool which includes the TLS POODLE test: https://www.ssllabs.com/ssltes...
implementation flaw not protocol flaw by Anonymous Coward · 2014-12-09 05:11 · Score: 2, Informative

It is very important to understand that this is a flaw in some vendors' TLS implementation, NOT in the tls protocol itself.