Security for everyone

SSL Poodle

Check your SSL/TLS configuration for Poodle vulnerability. Make sure that you are using secure communication that is not breakable.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

6 sec

Scan only one

Domain, Ipv4

Parent Category

SSL Poodle Detail

SSL Poodle

What is Poodle Vulnerability ?

Poodle(Padding Oracle On Downgraded Legacy Encryption) is a cryptographic design vulnerability. Vulnerability caused by undecided padding bits of SSLv3 and using identification after decryption.

With this vulnerability, for each byte, an attacker could successfully decrypt SSLv3 encrypted traffic with a probability of 1/256. So an average of 256 * N attempts are required to decipher a total of N bytes of data.

The most feasible attack vector of vulnerability is the MITM (man in the middle) state. The attacker, which allows the traffic between the client and the server to pass over itself, can interfere with SSL handshaking steps and force SSLv3 to be used in the connection. Of course, the client and server should support SSLv3 as well as the more recent protocols.

An attacker who meets the above conditions will have the chance to decipher the SSLv3 encrypted traffic partially between the client and the server. Some important sections of traffic (eg HTTP cookies) allow extremely dangerous attacks such as session theft.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture