How to protect the Equitrac software from POODLE Attacks

Issue

How to protect the Equitrac software from POODLE Attacks

Cause

POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack against a design flaw in the SSL 3.0 protocol which allows attackers to decode the encrypted data of a secure SSL 3.0 connection.  The POODLE attack allows for a man-in-the-middle to intercept a communication between two systems using SSL 3.0 (e.g. client and server). The man-in-the-middle attack involves Javascript from the attacker running in the user's browser.

Resolution

Hotfixes are available for Equitrac products to mitigate against this.  Please see details in the document, "Protecting Against Poodle Attacks" available for download in the attachments section, below.

Attachments:

Protecting Against Poodle Attacks.pdf (226 KB)