POODLE Attack (CVE-2014-3566)


During the scan, Kayran detected a POODLE vulnerability. The POODLE attack allows an attacker to retrieve encrypted data sent by the client to a server when the transport security protocol in use is SSLv3.

If an attacker interrupts a secure connection between a browser and a website that is using TLSv1.0, the browser retries the connection to the server using the next lower protocol version. Once the protocol downgrade is successful, the attacker can exploit the vulnerabilities in SSLv3 to compromise the session.

The POODLE threat is a Man-In-The-Middle type of attack that forces modern clients and servers to downgrade the security protocol to SSLv3 from TLSv1.0 or higher.
This is done by interrupting the “handshake” between the client and server, resulting in the retry of the handshake with earlier protocol versions.


CVSS Version 3.x – 3.4 Low


Disable SSLv3 within your web server and/or client (ideally both).
This will make the exploitation of the vulnerability impossible for the attacker.
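To confirm that the remediation above is actually in place, the following added example (not part of Kayran's output or tooling) audits web server configuration text for directives that still leave SSLv3 enabled. It assumes nginx's `ssl_protocols` and Apache's `SSLProtocol` directives, uses constructed sample configurations, and conservatively treats Apache's `all` keyword as including SSLv3.

```python
# Constructed sample configurations (not taken from any real server).
NGINX_SAMPLE = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # weak: SSLv3 still offered
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;       # corrected
}
"""
APACHE_SAMPLE = """
SSLProtocol all
# SSLProtocol +SSLv3
SSLProtocol all -SSLv3 -TLSv1
SSLProtocol -all +TLSv1.2 +SSLv3
"""

def apache_enables_sslv3(tokens):
    """Simplified model of Apache's left-to-right SSLProtocol parsing.
    Assumption: 'all' is treated as including SSLv3 (conservative)."""
    enabled = False
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        covers_sslv3 = tok.lstrip("+-").lower() in ("all", "sslv3")
        if sign == "":          # unsigned token replaces what was set so far
            enabled = covers_sslv3
        elif covers_sslv3:      # signed token adds or removes SSLv3
            enabled = sign == "+"
    return enabled

def audit(text):
    """Return [(line_no, directive)] for each directive that leaves SSLv3 on."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";")  # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue
        key, tokens = parts[0].lower(), parts[1:]
        if key == "ssl_protocols":                       # nginx
            bad = any(t.lower() == "sslv3" for t in tokens)
        elif key == "sslprotocol":                       # Apache mod_ssl
            bad = apache_enables_sslv3(tokens)
        else:
            continue
        if bad:
            findings.append((no, line))
    return findings
```

Calling `audit()` on a configuration file's contents returns the line numbers to fix; an empty list means no directive in that text enables SSLv3.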


