{"id":3423,"date":"2015-02-23T10:38:35","date_gmt":"2015-02-23T10:38:35","guid":{"rendered":"http:\/\/blog.eginnovations.com\/?p=3423"},"modified":"2022-08-23T09:13:25","modified_gmt":"2022-08-23T13:13:25","slug":"poodle-attack-vulerability","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/","title":{"rendered":"POODLE Attack Vulnerability"},"content":{"rendered":"<div class=\"post-body\">\n<div dir=\"ltr\">\n<div dir=\"ltr\">\n<div dir=\"ltr\">\n<h2><span class=\"ez-toc-section\" id=\"What_is_a_POODLE_Attack_and_What_to_Do_About_It\"><\/span>What is a POODLE Attack and What to Do About It<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit. POODLE can be used to target\u00a0browser-based communication that relies on the Secure Sockets Layer (SSL) 3.0 protocol for\u00a0encryption\u00a0and authentication. The Transport Layer Security (TLS) protocol has largely replaced SSL for secure communication on the Internet, but many browsers will revert to SSL 3.0 when a TLS connection is unavailable.\u00a0An attacker who wants to exploit POODLE takes advantage of this\u00a0by inserting himself into the communication session and forcing the browser to use SSL 3.0.<\/p>\n<p>The attacker is then free to exploit a design flaw in SSL 3.0 that allows the padding data at the end of a\u00a0block cipher\u00a0to be changed so that the encryption cipher becomes less secure each time it is passed. To prevent a POODLE attack that forces a browser to degrade to SSL 3.0, administrators should check to see that their server software supports the latest version of TLS and is configured properly.<\/p>\n<p>The eG Enterprise system is vulnerable to a POODLE attack when the eG manager is configured with SSL. 
Even though the communication between the eG agents and the manager or between the manager and user browsers does not contain business-sensitive data, administrators may still want to avert a security attack. For instance, user login information (possibly even to an Active Directory domain) can be compromised.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11.jpg\" target=\"_blank\" rel=\"noopener noreferrer\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3441 size-large\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11.jpg?w=450\" alt=\"poodle-attack1\" width=\"450\" height=\"305\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11.jpg 676w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11-300x203.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11-310x210.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2015\/02\/poodle-attack11-140x95.jpg 140w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><\/a><\/p>\n<p style=\"text-align: center;\"><b>How a POODLE attack happens<\/b><\/p>\n<p>To protect against\u00a0unauthorized access and probable abuse\u00a0by unscrupulous POODLE attackers, you will have to disable SSL 3.0 on the eG manager. To do so, follow the steps below:<\/p>\n<\/div>\n<div dir=\"ltr\">\n<ol>\n<li>Open the eG manager&#8217;s Tomcat configuration file:\u00a0<em>&lt;EG_INSTALL_DIR&gt;\\manager\\tomcat\\conf\\server.xml<\/em><\/li>\n<li>Find the Connector configuration corresponding to the eG manager. 
This should have the attributes:\u00a0<em>SSLEnabled=&quot;true&quot; scheme=&quot;https&quot; secure=&quot;true&quot;<\/em>.<\/li>\n<li>If you are using JDK 1.6 for running the eG manager, then remove the attribute <i>sslProtocol=&quot;TLS&quot;<\/i> from the above configuration and replace it with: <i>sslEnabledProtocols=&quot;TLSv1&quot;<\/i><\/li>\n<li>If you are using JDK 1.7, then remove the attribute <i>sslProtocol=&quot;TLS&quot;<\/i> from the above configuration and replace it with: <i>sslEnabledProtocols=&quot;TLSv1,TLSv1.1,TLSv1.2&quot;<\/i><\/li>\n<li>Now, restart the eG manager for the changes to take effect.<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"post-footer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>What is a POODLE Attack and What to Do About It A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit. 
POODLE can be used to target\u00a0browser-based communication that relies on [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":8995,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[375],"tags":[139,214],"class_list":["post-3423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-eg-innovations","tag-poodle-attack"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>POODLE Attack Vulnerability \u2013 How it Happens<\/title>\n<meta name=\"description\" content=\"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. Brought to you by the world\u2019s leader in IT Monitoring Services.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"POODLE Attack Vulnerability \u2013 How it Happens | eG Innovations\" \/>\n<meta property=\"og:description\" content=\"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. 
Brought to you by the world\u2019s leader in IT Monitoring Services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/\" \/>\n<meta property=\"og:site_name\" content=\"eG Innovations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/eGInnovations\" \/>\n<meta property=\"article:published_time\" content=\"2015-02-23T10:38:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-23T13:13:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/selected-gartner-magic-quadrant.jpg\" \/>\n<meta name=\"author\" content=\"Priya Balasubramaniam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"POODLE Attack Vulnerability \u2013 How it Happens | eG Innovations\" \/>\n<meta name=\"twitter:description\" content=\"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. Brought to you by the world\u2019s leader in IT Monitoring Services.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/it-event-correlation-analysis-2010.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:site\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Priya Balasubramaniam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"POODLE Attack Vulnerability \u2013 How it Happens","description":"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. 
Brought to you by the world\u2019s leader in IT Monitoring Services.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/","og_locale":"en_US","og_type":"article","og_title":"POODLE Attack Vulnerability \u2013 How it Happens | eG Innovations","og_description":"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. Brought to you by the world\u2019s leader in IT Monitoring Services.","og_url":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/","og_site_name":"eG Innovations","article_publisher":"https:\/\/www.facebook.com\/eGInnovations","article_published_time":"2015-02-23T10:38:35+00:00","article_modified_time":"2022-08-23T13:13:25+00:00","og_image":[{"url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/selected-gartner-magic-quadrant.jpg","type":"","width":"","height":""}],"author":"Priya Balasubramaniam","twitter_card":"summary_large_image","twitter_title":"POODLE Attack Vulnerability \u2013 How it Happens | eG Innovations","twitter_description":"Learn what POODLE attack vulnerability is and find out how a POODLE attack happens so you understand how to fix it. Brought to you by the world\u2019s leader in IT Monitoring Services.","twitter_image":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/it-event-correlation-analysis-2010.jpg","twitter_creator":"@eginnovations","twitter_site":"@eginnovations","twitter_misc":{"Written by":"Priya Balasubramaniam","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#article","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/"},"author":{"name":"Priya Balasubramaniam","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/2f03ec1faec73e471fd1e4064d9336cd"},"headline":"POODLE Attack Vulnerability","datePublished":"2015-02-23T10:38:35+00:00","dateModified":"2022-08-23T13:13:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/"},"wordCount":389,"commentCount":0,"publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/gartner-magic-quadrant.jpg","keywords":["eG Innovations","Poodle attack"],"articleSection":["General"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/","url":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/","name":"POODLE Attack Vulnerability \u2013 How it Happens","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#primaryimage"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/gartner-magic-quadrant.jpg","datePublished":"2015-02-23T10:38:35+00:00","dateModified":"2022-08-23T13:13:25+00:00","description":"Learn what POODLE attack vulnerability is and find out how a 
POODLE attack happens so you understand how to fix it. Brought to you by the world\u2019s leader in IT Monitoring Services.","breadcrumb":{"@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#primaryimage","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/gartner-magic-quadrant.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2019\/05\/gartner-magic-quadrant.jpg","width":300,"height":200,"caption":"Software Monitoring Tools"},{"@type":"BreadcrumbList","@id":"https:\/\/www.eginnovations.com\/blog\/poodle-attack-vulerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eginnovations.com\/blog\/"},{"@type":"ListItem","position":2,"name":"POODLE Attack Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.eginnovations.com\/blog\/#website","url":"https:\/\/www.eginnovations.com\/blog\/","name":"eG Innovations","description":"IT Performance Monitoring Insights","publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eginnovations.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eginnovations.com\/blog\/#organization","name":"eG Innovations","alternateName":"eg 
innovations","url":"https:\/\/www.eginnovations.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","width":362,"height":235,"caption":"eG Innovations"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/eGInnovations","https:\/\/x.com\/eginnovations"]},{"@type":"Person","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/2f03ec1faec73e471fd1e4064d9336cd","name":"Priya Balasubramaniam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9a8c10eba39c603ea64258caa20ef6b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9a8c10eba39c603ea64258caa20ef6b?s=96&d=mm&r=g","caption":"Priya Balasubramaniam"},"url":"https:\/\/www.eginnovations.com\/blog\/author\/priyavb\/"}]}},"modified_by":"HawkSEM 
Dev","_links":{"self":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/3423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/comments?post=3423"}],"version-history":[{"count":0,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/3423\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media\/8995"}],"wp:attachment":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media?parent=3423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/categories?post=3423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/tags?post=3423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}