The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. On December 8, 2014, it was publicly reported that some TLS implementations are also vulnerable to the POODLE attack. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges. These conditions make successful exploitation somewhat difficult. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access. Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. While SSL 3.0 is an old encryption standard and has generally been replaced by TLS, most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The decryption is done byte by byte and will generate a large number of connections between the client and server.
![ibm rational application developer 9.5 support tls 1.2 ibm rational application developer 9.5 support tls 1.2](https://www.ibm.com/support/pages/system/files/support/swg/swgdocs.nsf/0/3dbc011da9108c0b85257f9b0064c9b8/Content/30.30A0.gif)
![ibm rational application developer 9.5 support tls 1.2 ibm rational application developer 9.5 support tls 1.2](https://www.ibm.com/support/pages/system/files/support/swg/swgdocs.nsf/0/92faf42f14c49aa185257e42006ed17a/Content/34.4B6C.gif)
The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.
![ibm rational application developer 9.5 support tls 1.2 ibm rational application developer 9.5 support tls 1.2](https://www.ibm.com/support/pages/system/files/support/swg/swgdocs.nsf/0/3dbc011da9108c0b85257f9b0064c9b8/Content/65.2ABE.gif)
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding.