When it was first uncovered back in October, researchers believed that only sites using SSL 3.0 were vulnerable to the POODLE vulnerability, but now it appears certain implementations of TLS could be compromised using a similar exploit, according to ZDNet.
In the piece, Larry Seltzer explains: “One change in TLS 1.0 was to fully specify the contents of padding bytes, preventing this attack. But it turns out that some TLS implementations still didn’t check the padding bytes, despite having the ability to do so. Undoubtedly many implementers simply used their SSLv3 software, which work fine with a TLS implementation, other than their failure to check for this error.”
POODLE vulnerability found to also bite TLS encryption
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.