Main
Vulnerability Database
Exploits
ID:8590 - Exploit for Information disclosure in OpenSSL - CVE-2014-3566
ID:8590 - Exploit for Information disclosure in OpenSSL - CVE-2014-3566
Published: November 8, 2022
Vulnerability identifier: #VU5214
Vulnerability risk: Medium
CVE-ID: CVE-2014-3566
CWE-ID: CWE-327
Exploitation vector: Remote access
Vulnerable software:
OpenSSL
OpenSSL
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.
Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.
Note: The vulnerability is known as POODLE.
The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.
Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.
Note: The vulnerability is known as POODLE.
Remediation
Update OpenSSL to version 0.9.8zc, 1.0.0o or 1.0.1j.