The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability is a security flaw discovered in 2014 that affects the SSL 3.0 protocol (CVE-2014-3566). It allows an attacker in a man-in-the-middle position to decrypt sensitive data transmitted between clients and servers. The attacker forces clients to downgrade to SSL 3.0 and then exploits the way SSL 3.0 handles padding in block ciphers. To mitigate the risk, SSL 3.0 should be disabled on both clients and servers, and modern protocols like TLS should be used instead.
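One way to check the server-side mitigation described above, as an added example that is not part of the original page: a small Python auditor that flags nginx `ssl_protocols` and Apache `SSLProtocol` directives that still leave SSL 3.0 enabled. The function names and the sample configuration are constructed for illustration, and Apache's `all` keyword is assumed to include SSLv3.

```python
import re

# Matches nginx `ssl_protocols ...;` and Apache `SSLProtocol ...` directives.
# Commented-out lines do not match because the directive must start the line.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)

# Assumption: Apache's "all" is expanded conservatively so that it includes SSLv3.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}


def enabled_protocols(directive, args):
    """Return the lower-cased protocol names a single directive leaves enabled."""
    apache = directive.lower() == "sslprotocol"
    enabled = set()
    for token in args.split():
        name, sign = token.lower(), ""
        if apache and name[0] in "+-":
            sign, name = name[0], name[1:]
        names = set(ALL) if apache and name == "all" else {name}
        if sign == "-":
            enabled -= names          # Apache: "-SSLv3" removes a protocol
        elif sign == "+" or not apache:
            enabled |= names          # nginx lists protocols; Apache "+X" adds one
        else:
            enabled = set(names)      # assumption: a bare Apache token resets the set
    return enabled


def audit(config_text):
    """Return (line_number, directive) for each directive that leaves SSLv3 on."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and "sslv3" in enabled_protocols(m.group(1), m.group(2)):
            findings.append((lineno, line.strip()))
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE = """\
# constructed sample configuration
ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol all -TLSv1
# ssl_protocols SSLv3;
"""

if __name__ == "__main__":
    for lineno, directive in audit(SAMPLE):
        print(f"line {lineno}: SSLv3 still enabled -> {directive}")
```

The `SSLProtocol all -TLSv1` case shows why an explicit `-SSLv3` matters: removing a different protocol still leaves SSL 3.0 available for a downgrade.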