2 Replies Latest reply on Apr 20, 2015 6:21 PM by brad

    Pharos secure connections - SSL3 & "POODLE" exploit

    brad Pioneer

      Hi guys,

       

      Asking this partly for confirmation of my own thoughts on this, and also as a "public service" type thing to help inform those that haven't heard about it as yet.

       

      There's a "new" (or more correctly "newly widely-known") exploit which has recently been announced, relating to SSL3 connections to/from devices/servers etc. See the link below for the latest info on it, if you're interested/possibly affected. In short, it requires both server and the browser being used to have SSL 3 enabled, AND it requires someone wanting to exploit the vulnerability to intercept and change the network traffic in-between the browser and server. How likely this is to happen, I'm not sure.

       

      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

       

      So, a question for the Pharos staff - are any Pharos devices or services potentially affected by this?

       

       

      Cheers,

      Brad.