Zombie POODLE, and GOLDENPOODLE–two vulnerabilities in TLS 1.2, related to a major design flaw in SSL 3.0:

– the issue is cipher block-chaining (CBC) mode for block ciphers
– allows man-in-the-middle (MitM) attacks
– more details will be published at Black Hat Asia in March
– disable CBC-based ciphers (there is also the Lucky13 attack), or switch to TLS 1.3

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.