Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

Statement Regarding SSL v3 POODLE Vulnerability SEP

« Go Back

Information

 
Article Number000001150
Article

Reference

CVE-2014-3566

Google researchers have announced the discovery of a vulnerability that affects implementations and use of SSLv3 as means of secure communications. This vulnerability has been named POODLE (Padding Oracle on Downgraded Legacy Encryption).  The vulnerability makes it possible for an attacker to perform a man in the middle attack and intercept traffic between client and server software.

 

SEP Products

This statement relates to Simple Encryption Platform (SEP) version 5.0 and below, and applies to all components with SSLv3 implementations in use: SEP Client, Secured eUSB Client, SEP Management Console and SEP Server. The POODLE vulnerability affects all SEP components using the sep:// protocol.

The Cryptzone development team are working to provide a security patch, which will switch and enforce protocols to use TLS1.2 throughout SEP, as well as changing the default setup to prevent fallback to SSLv3. This patch will be available by the end of October at the latest.

The Cryptzone development team have provided a security patch, which switches and enforces protocols to use TLS1.2 throughout SEP, as well as changing the default setup to prevent fallback to SSLv3. This patch was made available on 31st of October 2014.

For more information on the SSL POODLE vulnerability, visit: https://www.openssl.org/~bodo/ssl-poodle.pdf

Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255