POODLE (TLS)
Padding Oracle On Downgraded Legacy Encryption
Related error
"This server supports older SSL/TLS protocols. It is vulnerable to a Poodle (TLS) attack. Disable older protocols."
Problem
New versions of the POODLE (SSL) vulnerability were discovered like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE. These new POODLE vulnerabilities were found on sites using the TLS 1.0, TLS 1.1, and TLS 1.2 protocols with the Cipher Block Chaining (CBC) block cipher modes enabled.
Solution
Short term: Disable support for CBC encryption ciphers.
Long term: Enable the TLS 1.3 protocol.
Workaround
Configure TLS to deprioritize CBC ciphers. The attacker can’t force the use of a CBC cipher, but can only initiate the attack with a client or server that normally negotiates a CBC cipher. Only use this workaround if you’re unable to disable support for CBC encryption ciphers.