Fear not, Snare is not affected by POODLE

The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.

The Snare Agents are not affected by POODLE as it requires a cookie injection from the client and Snare does not use cookies for our connections.

Since it’s a client side attack, and would need some man-in-the-middle attack on the internal network which is low risk, and given most Snare Servers are on restricted networks, then it is low risk.

For additional information review US-CERT TA14-290A.

Snare Solutions
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.