POODLE: SSLv3 CBC padding oracle enabling HTTPS decryption. Disable SSLv3 across ALL servers and clients immediately. Legacy browsers (IE6) will break — acceptable tradeoff. Enforce TLS 1.2+ minimum as current browser standard.
The SSLv3 protocol, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →