AnsweredAssumed Answered

Pharos secure connections - SSL3 & "POODLE" exploit

Question asked by brad on Oct 17, 2014
Latest reply on Apr 20, 2015 by brad

Hi guys,

 

Asking this partly for confirmation of my own thoughts on this, and also as a "public service" type thing to help inform those that haven't heard about it as yet.

 

There's a "new" (or more correctly "newly widely-known") exploit which has recently been announced, relating to SSL3 connections to/from devices/servers etc. See the link below for the latest info on it, if you're interested/possibly affected. In short, it requires both server and the browser being used to have SSL 3 enabled, AND it requires someone wanting to exploit the vulnerability to intercept and change the network traffic in-between the browser and server. How likely this is to happen, I'm not sure.

 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

 

So, a question for the Pharos staff - are any Pharos devices or services potentially affected by this?

 

 

Cheers,

Brad.

Outcomes