‘Poodle’ Vulnerability, Secure Socket Layer Version 2.0 (SSLv2) and 3.0 (SSLv3.0)
and Single Sign-On
On October 14, 2014, Google reported vulnerability in Secure Socket Layer (SSL) version 3.0. The vulnerability is known as Padding Oracle on Downgraded Legacy Encryption, or ‘Poodle’. A network attacker could exploit the vulnerability to calculate the plain text of secure connections and perpetrate a “man-in-the-middle” (MITM) attack by decrypting the session cookie that identifies a user to a service, such as Google, and then take over the user’s account without a password.
Campbell Employees Federal Credit Union has been working diligently since the ‘Poodle’ vulnerability issue was identified to assess and minimize any potential risk to our members. We will continue to monitor the ‘Poodle’ vulnerability and its potential implications. As always Campbell Employees Federal Credit Union is committed to providing best in class technology and protection for our members’ data security.
For additional information on the ‘Poodle’ vulnerability, visit the Google Online Security
Blog post on the Poodle vulnerability at: