POODLE, short for Padding Oracle On Downgraded Legacy Encryption, is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.

While Transport Layer Security (TLS) is now more widely used, popular Web browsers such as Mozilla Firefox and Google Chrome commonly revert to SSL 3.0 when a TLS connection is unavailable. In these cases, SSL 3.0 uses the RC4 encryption cipher and allows attackers to break through the encryption and access the contents of HTTPS cookies. In certain circumstances, attackers can exploit POODLE to decrypt Web browser authentication cookies and reveal potentially sensitive information. However, to do this, an attacker must achieve a man-in-the-middle position between the client and the server through a separate exploit. In nearly all cases it also requires the client browser to have JavaScript enabled.
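A defender can confirm whether a connection actually fell back to SSL 3.0 by reading the protocol version in the server's ServerHello. The sketch below is an added example, not part of the original page; the function names `parse_server_hello` and `build_sample` are hypothetical, and the sample records are constructed inline rather than captured from a real server.

```python
import struct

SSL3 = (3, 0)  # SSL 3.0 appears on the wire as version bytes 0x03 0x00
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_server_hello(record: bytes) -> dict:
    """Parse one record carrying a ServerHello; raise ValueError if malformed."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_major, _rec_minor, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 22:  # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) != rlen or rlen < 4:
        raise ValueError("truncated record body")
    if body[0] != 2:  # 2 = ServerHello handshake type
        raise ValueError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])   # version the server selected
    off = 35 + hello[34]             # skip 32-byte random and the session id
    if len(hello) < off + 3:         # cipher suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    return {
        "version": NAMES.get(version, "unknown"),
        "cipher_suite": int.from_bytes(hello[off:off + 2], "big"),
        "ssl3_negotiated": version == SSL3,
    }

def build_sample(version: tuple, suite: int) -> bytes:
    """Constructed ServerHello record (zeroed random, empty session id)."""
    hello = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    # 0x0005 is the RSA/RC4-128/SHA suite; 0x002F is RSA/AES-128-CBC/SHA.
    for sample in (build_sample((3, 0), 0x0005), build_sample((3, 3), 0x002F)):
        info = parse_server_hello(sample)
        flag = "ALERT: fell back to SSL 3.0" if info["ssl3_negotiated"] else "ok"
        print(f'{info["version"]} suite=0x{info["cipher_suite"]:04X} {flag}')
```
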
