Description
TLS CBC Incorrect Padding Abuse Vulnerability for ports - 18091/TCP over SSL, 18092/TCP over SSL and 11214/TCP over SSL.
The POODLE attack on SSLv3 has been described here https://www.openssl.org/~bodo/ssl-poodle.pdf, where the attacker exploits the fact that the CBC padding values were not strictly defined by the SSLv3 protocol. This was an SSLv3 protocol weakness. In the case of TLS the padding byte values are well defined; however, some vendors are reusing the SSLv3 processing algorithm to process the TLS records, and as a result, if the last byte contains a correct value, the entire padding is considered acceptable. This allows an attacker to launch a POODLE-type attack against TLS versions. You can find details of the vulnerability here https://www.a10networks.com/sites/default/files/security-advisories/A10-RapidResponse_CVE-2014-8730.pdf.
Issue Links
- blocks: MB-14772 3.1.0 Minor Release (Resolved)
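The difference between the two padding checks described in the issue above, as an added example that is not code from the affected product or from either linked document. The function names and the 16-byte sample blocks are constructed for illustration, and the MAC that precedes the padding in a real record is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSLv3-style check: only the final length byte is examined; the padding
 * bytes before it may hold any value. This is the lax processing the
 * description says some TLS stacks reused. */
int sslv3_style_padding_ok(const uint8_t *pt, size_t len, size_t block)
{
    if (len == 0) return 0;
    size_t pad = pt[len - 1];
    return pad < block && pad + 1 <= len;
}

/* TLS check: the last byte is padding_length, and every one of the
 * padding_length bytes before it must carry that same value.
 * Production code must also make this constant-time and always
 * proceed to MAC verification before reporting any error. */
int tls_padding_ok(const uint8_t *pt, size_t len)
{
    if (len == 0) return 0;
    size_t pad = pt[len - 1];
    if (pad + 1 > len) return 0;
    uint8_t diff = 0;
    for (size_t i = len - 1 - pad; i < len; i++)
        diff |= pt[i] ^ (uint8_t)pad;   /* accumulate any mismatch */
    return diff == 0;
}

/* Constructed decrypted blocks (AES block size), not captured traffic. */
static const uint8_t good_block[16] = {
    'd','a','t','a','.','.','.','.','.','.','.','.', 3, 3, 3, 3 };
static const uint8_t bad_block[16] = {
    'd','a','t','a','.','.','.','.','.','.','.','.', 0x9a, 0x41, 0x07, 3 };

int main(void)
{
    printf("well-formed padding: sslv3-style=%d tls=%d\n",
           sslv3_style_padding_ok(good_block, 16, 16),
           tls_padding_ok(good_block, 16));
    printf("arbitrary padding:   sslv3-style=%d tls=%d\n",
           sslv3_style_padding_ok(bad_block, 16, 16),
           tls_padding_ok(bad_block, 16));
    return 0;
}
```

A TLS endpoint that behaves like `sslv3_style_padding_ok` on the second block is the condition this issue reports; the fix is to apply the strict check on every TLS CBC record.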