The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the TLS protocol version in use. Learn how to prevent SSL POODLE in this article.

Security Assessment Prevent SSL POODLE

CVSS Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the TLS protocol version in use. A man-in-the-middle attacker who forces the fallback to SSL 3.0 can expose data from encrypted connections.

Guides

To prevent the POODLE downgrade attack, make sure that TLS_FALLBACK_SCSV is enabled and that you use only a Secure TLS Configuration.
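The server-side check that TLS_FALLBACK_SCSV enables (RFC 7507), combined with a minimum protocol version that excludes SSL 3.0, can be sketched as follows. This is an added example, not code from the original page: the function names, the `server_min`/`server_max` parameters and the sample ClientHello bodies are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # signaling cipher suite value {0x56, 0x00}, RFC 7507
PROTOCOL_VERSION = 70            # fatal alert: offered version not supported
INAPPROPRIATE_FALLBACK = 86      # fatal alert defined by RFC 7507
SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303

def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body,
    i.e. the bytes after the 4-byte handshake header."""
    if len(body) < 35:                        # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 35 + body[34]                       # skip random and session_id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return version, list(struct.unpack_from("!%dH" % (n // 2), body, pos))

def check_hello(body, server_min=TLS10, server_max=TLS12):
    """Server-side decision: ("accept", version) or ("alert", description)."""
    version, suites = parse_client_hello(body)
    # RFC 7507: the client marked this hello as a retry at a lower version,
    # yet the server supports a higher one, so the downgrade was not needed.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    # Secure configuration: SSL 3.0 is below server_min and is refused outright.
    if version < server_min:
        return ("alert", PROTOCOL_VERSION)
    return ("accept", min(version, server_max))

def build_hello(version, suites):
    """Constructed sample ClientHello body: zero random, empty session_id."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")

if __name__ == "__main__":
    for label, hello in [
        ("TLS 1.2, first attempt", build_hello(TLS12, [0xC02F])),
        ("TLS 1.0 retry with SCSV", build_hello(TLS10, [0x002F, TLS_FALLBACK_SCSV])),
        ("SSL 3.0 without SCSV", build_hello(SSL3, [0x002F])),
    ]:
        print(label, "->", check_hello(hello))
```

A TLS 1.0 hello that does not carry the SCSV is accepted at TLS 1.0, because the server cannot tell a downgraded retry from a genuinely old client. The signal only helps when the client sends it and the server checks it, which is why the minimum-version setting is still needed.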