Zombie POODLE, and GOLDENPOODLE–two vulnerabilities in TLS 1.2, related to a major design flaw in SSL 3.0:


– the issue is cipher block-chaining (CBC) mode for block ciphers
– allows man-in-the-middle (MitM) attacks
– more details will be published at Black Hat Asia in March
– disable CBC-based ciphers (there is also the Lucky13 attack), or switch to TLS 1.3

Sign in to participate in the conversation

mastodon.at is a microblogging site that federates with most instances on the Fediverse. Note: This instance will shut down on February 29th, 2020.