Network Guys

Share your knowledge!

The SSL v3.0 CBC (Poodle) vulnerability and recommended steps

The SSL v3.0 CBC (Poodle) vulnerability does affect the Sophos UTM appliance. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

So there must be an attacker who needs to sniff packets in between to attack. This vulnerability is not as dangerous as the heartbleed bug but needs to be fixed. You can do this via shell via a workaround described here or you wait until 23rd October (this Thursday) for the fix 9.209.

You can find more information about how the attack is working on the NakedSecurity Blog from Sophos.

Leave a Reply

Click on the button to load the content from jetpack.wordpress.com.

Load content

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Certificates

ekahau Certified Survey Engineer
ATP_wsrgb
ACMP2
suca
Post Categories
Post Archives