POODLE (Padding Oracle On Downgraded Legacy Encryption)

Protect your business from POODLE (Padding Oracle On Downgraded Legacy Encryption)

Written by Alan Ingram on Monday, 16 March 2015. Posted in POODLE (Padding Oracle On Downgraded Legacy Encryption), Information Technology

The POODLE security vulnerability was identified by the Google Security Team over the summer and affects many web services, including those hosted on Microsoft Internet Information Services (IIS).

It was found to be theoretically possible to force a client web browser to appear not to support newer, more secure encryption methods. This would result in the much older and insecure SSL (Secure Sockets Layer) V3 being used, potentially making it easier to read the encrypted data.

As SSL V3 is so outdated (it was superseded by Transport Layer Security (TLS) in 1999), the simplest fix is to disable SSL V3 support on your web servers and browsers. Although all modern browsers support TLS, this change could cause Internet Explorer (IE) 6 running on Windows XP to fail. IE 6 can support TLS, but it has to be activated in the settings.

To ensure security, SSL V3 support has been disabled on each of ePC's cloud services such as our cloud hosting for Process Director.

Any clients using Process Director systems on the public facing Internet should ensure their systems are updated to disable SSL V3.

If the update causes any compatibility issues with older clients, please contact us as we will be able to help resolve such issues.

Visit POODLE Wikipedia