SSLv3 POODLE attack

book

Article ID: 168309

calendar_today

Updated On:

Products

PacketShaper

Issue/Introduction

Is PacketShaper vulnerable to CVE-2014-3566 (POODLE Attack)?


 

Resolution

Earlier versions of PacketShaper software were vulnerable to the POODLE Attack. In these versions, SSLv3 was enabled by default.

In PacketWise versions 9.2.9 and 8.7.12, this has been fixed and documented as below:

Security Fixes
• SSLv3 is now disabled on PacketShaper’s client and server side, which is the recommended solution
for the POODLE Attack on SSLv3 (CVE-2014-3566).

It is also fixed in version 11.2.1.7 for PacketShaper S-Series (S500, S400, and S200).