Poodle Vulnerability Affects Secure Web Browsing | Information Technology | University of Pittsburgh

Poodle Vulnerability Affects Secure Web Browsing

Thursday, October 16, 2014 - 11:21

What is the Poodle Vulnerability?

Poodle stands for Padding Oracle On Downgraded Legacy Encryption and is a newly disclosed vulnerability discovered by researchers at Google. Poodle affects an older encryption standard, specifically Secure Sockets Layer (SSL) version 3.0. SSL v3.0 is a legacy protocol used to encrypt traffic between a client and a host, such as a browser and a web server. Almost all current browsers and servers prefer the newer TLS protocols, but many will still fall back to SSL 3.0 when a TLS connection attempt fails, and that fallback is what the "Downgraded" in the name refers to.

Currently this vulnerability allows a "man-in-the-middle" attack: an attacker who can intercept traffic between your browser and a server (for example, someone on the same wireless network) can force the connection down to SSL 3.0 and then exploit a weakness in how SSL 3.0 pads data in its CBC cipher modes to decrypt small pieces of the encrypted traffic. Though this vulnerability is less severe than attacks in recent history, if exploited, it could allow an attacker to recover information such as a session cookie that would let them take over your account.

What is Pitt doing?

Computing Services and Systems Development will be conducting a detailed inventory of enterprise systems and working to remedy any potential vulnerabilities. Additionally, we will be working with departments to remediate any vulnerable systems discovered.

What should I do?

Because Poodle is a flaw in the design of SSL 3.0 itself rather than a bug in any one product, there is no patch that fixes it. To mitigate this vulnerability SSL 3.0 should be disabled in all affected packages, both on servers (in Apache httpd, for example, with SSLProtocol all -SSLv3) and in browsers. Where SSL 3.0 cannot be turned off immediately, supporting the TLS_FALLBACK_SCSV signal on both client and server prevents an attacker from forcing the downgrade in the first place.

Server administrators can visit https://ssllabs.com to test their server to determine if it is using the vulnerable SSLv3 protocol; a server is affected if the report lists SSL 3 among the protocols it supports. Test every hostname and port that serves TLS, since a report covers only the one you entered. It is recommended that server administrators avoid using other, unknown third-party sites to test server configurations.
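For administrators who would rather run the check themselves than submit a hostname to a web service, the following Python script is an added example (it is not part of this advisory and not a University tool) that performs the same test directly. Modern OpenSSL and Python builds refuse to negotiate SSL 3.0 at all, so the script speaks the handshake by hand: it sends a minimal SSL 3.0 ClientHello and classifies the server's first reply. A ServerHello that negotiates version 3.0 means SSLv3 is still enabled; an alert or a closed connection means it is not. The sample responses embedded for offline checking are constructed, not captured from any real server, and the host name is whatever you pass on the command line.

```python
"""Probe whether a server still accepts SSL 3.0 (the protocol POODLE abuses)."""
import socket
import struct
import sys

SSL3_VERSION = b"\x03\x00"

# A few SSL 3.0 cipher suites any SSLv3-enabled server of the era accepts.
# The CBC suites are the ones POODLE's padding attack targets.
CIPHER_SUITES = bytes.fromhex(
    "0005"  # TLS_RSA_WITH_RC4_128_SHA
    "000a"  # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    "002f"  # TLS_RSA_WITH_AES_128_CBC_SHA
    "0035"  # TLS_RSA_WITH_AES_256_CBC_SHA
)


def build_sslv3_client_hello(client_random: bytes = b"\x00" * 32) -> bytes:
    """Return one handshake record carrying an SSL 3.0 ClientHello (56 bytes)."""
    if len(client_random) != 32:
        raise ValueError("client_random must be 32 bytes")
    body = (
        SSL3_VERSION                                   # client_version = 3.0
        + client_random                                # gmt_unix_time + 28 random bytes
        + b"\x00"                                      # session_id length = 0
        + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
        + b"\x01\x00"                                  # one compression method: null
    )
    # Handshake header: type 0x01 (client_hello) + 24-bit body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version 3.0, 16-bit length.
    return b"\x16" + SSL3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_server_response(data: bytes) -> str:
    """Classify the first record a server returned for the SSLv3 ClientHello.

    Returns "sslv3_accepted", "sslv3_rejected" or "unknown".
    """
    if not data:
        return "sslv3_rejected"          # server closed the connection without a word
    if len(data) < 5:
        return "unknown"                 # not even a full record header
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if content_type == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: bytes 4-5 of the handshake message carry the negotiated version.
        negotiated = payload[4:6]
        return "sslv3_accepted" if negotiated == SSL3_VERSION else "unknown"
    if content_type == 0x15 and len(payload) >= 2:
        # Alert, typically handshake_failure (40) or protocol_version (70):
        # the server will not speak SSL 3.0.
        return "sslv3_rejected"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port, send the SSLv3 ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "unknown"
        except ConnectionResetError:
            return "sslv3_rejected"       # RST in response to the hello
    return classify_server_response(data)


# Constructed sample replies (not captured from any real host) for offline checks.
SAMPLE_SSLV3_SERVER_HELLO = (
    b"\x16\x03\x00\x00\x2a"              # record: handshake, version 3.0, 42 bytes
    + b"\x02\x00\x00\x26"                # ServerHello, body length 38
    + b"\x03\x00" + b"\x11" * 32         # server_version 3.0, server random
    + b"\x00"                            # session_id length 0
    + b"\x00\x2f"                        # chose TLS_RSA_WITH_AES_128_CBC_SHA
    + b"\x00"                            # null compression
)
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"   # fatal alert, protocol_version


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, probe(target))
```

Run it as python poodle_probe.py www.example.edu; "sslv3_accepted" means the host still needs SSL 3.0 disabled. The script only tests whether the protocol is offered, which is exactly the condition the mitigation above removes; it does not attempt the padding-oracle attack itself, and a result of "unknown" (for example, a server that answers with something other than a ServerHello or an alert) should be followed up with the SSL Labs report rather than treated as a pass.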

If you manage a server in your department and would like assistance determining if it is susceptible, please contact the Technology Help Desk at 412-624-HELP [4357].