POODLE, short for Padding Oracle On Downgraded Legacy Encryption, is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.
While Transport Layer Security (TLS) is now more widely used, popular Web browsers such as Mozilla Firefox and Google Chrome commonly revert to SSL 3.0 when a TLS connection is unavailable. In these cases, SSL 3.0 uses the RC4 encryption cipher and allows attackers to break through the encryption and access the contents of HTTPS cookies. In certain circumstances, attackers can exploit POODLE to decrypt Web browser authentication cookies and reveal potentially sensitive information. However, to do this, an attacker must achieve a man-in-the-middle position between the client and the server through a separate exploit. In nearly all cases it also requires the client browser to have JavaScript enabled.
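The fallback described above is visible on the wire: the server's ServerHello carries the negotiated protocol version in cleartext, and SSL 3.0 appears as `0x0300`. The following is an added example, not part of the original page, of a defender-side check that parses a captured ServerHello record and flags sessions that settled on SSL 3.0. The function names and sample records are constructed for illustration.

```python
import struct

SSL3 = 0x0300  # wire version of SSL 3.0; TLS 1.0 to 1.2 are 0x0301 to 0x0303


def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from a plaintext ServerHello record.

    Returns None if the bytes are not a complete ServerHello.
    """
    if len(record) < 5:
        return None
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    # content type 22 = handshake; handshake type 2 = ServerHello
    if ctype != 22 or len(body) < rec_len or len(body) < 4 or body[0] != 2:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # fixed part: version(2) + random(32) + session_id length(1)
    if len(hello) < hs_len or len(hello) < 35:
        return None
    version = int.from_bytes(hello[0:2], "big")
    off = 35 + hello[34]              # skip the variable-length session id
    if len(hello) < off + 3:          # cipher_suite(2) + compression(1)
        return None
    return version, int.from_bytes(hello[off:off + 2], "big")


def negotiated_ssl3(record: bytes) -> bool:
    """True when the server settled on SSL 3.0 for this session."""
    parsed = parse_server_hello(record)
    return parsed is not None and parsed[0] == SSL3


def build_server_hello(version: int, suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record to use as sample input."""
    hello = (version.to_bytes(2, "big") + bytes(32) + bytes([len(session_id)])
             + session_id + suite.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return (b"\x16" + version.to_bytes(2, "big")
            + len(handshake).to_bytes(2, "big") + handshake)


# Constructed samples: one downgraded session, one TLS 1.2 session.
SAMPLE_SSL3 = build_server_hello(0x0300, 0x002F)
SAMPLE_TLS12 = build_server_hello(0x0303, 0x002F, session_id=bytes(32))
```

Run over ServerHello records extracted from a packet capture or TLS-terminating proxy, any `True` result identifies a client and server pair that still completes SSL 3.0 handshakes.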