New Zombie 'POODLE' Attack Bred From TLS Flaw

  • February 8, 2019

Jasper_The_Rasper
Moderator
February 8, 2019, By Kelly Jackson Higgins

Citrix issues update for encryption weakness dogging the popular security protocol.

Turns out a major design flaw discovered and patched five years ago in the old SSL 3.0 encryption protocol, which exposed secure sessions to the so-called POODLE attack, didn't really die: A researcher has unearthed two new related vulnerabilities in the newer TLS 1.2 crypto protocol.

Craig Young, a computer security researcher for Tripwire's Vulnerability and Exposure Research Team, found vulnerabilities in SSL 3.0's successor, TLS 1.2, that allow for attacks akin to POODLE due to TLS 1.2's continued support for a long-outdated cryptographic method: cipher block-chaining (CBC). The flaws allow man-in-the-middle (MitM) attacks on a user's encrypted Web and VPN sessions.

Full Article.