
POODLE ATTACK: Security Vulnerability

Please be aware of an SSL vulnerability known as POODLE.

While we find it mildly fun to scream "Beware the Poodle!", this issue is serious and requires attention!

A message from Promet's Support Manager, Melissa Gonzalez:

On October 14th, 2014, a vulnerability in the design of the SSL version 3.0 encryption protocol was disclosed. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. You can test your HTTPS site here.

 

Description of Vulnerability

POODLE is an acronym for the SSL vulnerability, Padding Oracle on Downgraded Legacy Encryption. Unfortunately, this security hole could allow an attacker to steal and decrypt an important security cookie and hijack your accounts without needing your password. Most home users will not be affected; however, be aware of public Wi-Fi until the issue is fully resolved.

Severity

The severity of this vulnerability: "High".  

Fix

If you are a Monthly Support Client, you do not need to worry; we have resolved this issue for you.

For all others, to address this issue you must adjust the server configuration by setting SSLv3 off in the config. A certificate renewal is not necessary.

Please feel free to reach out to me (Melissa) if you have any questions. Our Systems Administrators will be available if you need any further guidance.
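To confirm that SSLv3 is actually off after editing the config, the following added example (not Promet's code) scans configuration text for directives that still enable it. It assumes the server is Apache mod_ssl (`SSLProtocol`) or nginx (`ssl_protocols`), which the message above does not specify, and that `all` includes SSLv3 as it did in 2014-era builds. Only explicit directives are checked, not compiled-in defaults.

```python
import re

# Constructed sample directives (not taken from any real server).
SAMPLE_CONFIG = """\
# SSLProtocol all
SSLProtocol all
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2
SSLProtocol TLSv1.2 +SSLv3
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2;
"""

# Assumption: what "all" expands to in a 2014-era mod_ssl built with SSLv3 support.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_enabled(args):
    """Apply mod_ssl's left-to-right rules: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for token in args.split():
        name = token.lstrip("+-").lower()
        group = APACHE_ALL if name == "all" else {name}
        if token.startswith("+"):
            enabled |= group
        elif token.startswith("-"):
            enabled -= group
        else:
            enabled = set(group)  # a bare name discards whatever was set before it
    return enabled

def nginx_enabled(args):
    """nginx ssl_protocols is a plain list of the protocols to enable."""
    return {token.lower() for token in args.rstrip(";").split()}

def find_sslv3(config_text):
    """Return (line_number, directive) for each active directive that leaves SSLv3 on."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and commented-out directives
        match = re.match(r"(?i)(SSLProtocol|ssl_protocols)\s+(.+)", line)
        if match:
            parse = apache_enabled if match.group(1).lower() == "sslprotocol" else nginx_enabled
            if "sslv3" in parse(match.group(2)):
                findings.append((number, line))
    return findings

if __name__ == "__main__":
    for number, line in find_sslv3(SAMPLE_CONFIG):
        print(f"line {number}: SSLv3 still enabled -> {line}")
```

The fifth sample line shows a case that is easy to miss: a trailing `+SSLv3` turns the protocol back on even though the directive starts with a TLS-only value.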

Further Reading

Learn how to protect your server from POODLE

Read More Details