In a POODLE (Padding Oracle on Downgraded Legacy Encryption) attack, the attacker will intercept the connection between your browser and a web server. They will then force your browser to downgrade the server's security protocol to SSL 3.0 from TLS 1.0 to steal your confidential information.
Specifically, the attacker exploits a vulnerability in the SSL (3.0) protocol that is still supported on older browsers and web servers. TLS (1.0) replaced SSL in 1999 due to security flaws. TLS (1.3) is now the industry standard.
What is a protocol? Protocols like SSL, or Secure Sockets Layer, authenticate and encrypt communication between your browser and web servers – to make sure your data isn’t eavesdropped on. For example, SSL will make sure that google.com really is google.com and verify that any data from google.com really came from there.
You’re also more at risk here if you’re connected to unsecured public Wi-Fi. Since you and the attacker both need to be connected to the same network, these Wi-Fi hotspots and their lack of encryption make it easier for attackers to intercept the connection.
(What is the CVE of the original POODLE attack? The CVE-ID associated with the original POODLE attack is CVE-2014-3566. F5 Networks filed for CVE-2014-8730 too).
All of your browser data could be stolen in a POODLE attack, including your passwords and session cookies. Your information can also be stolen in other types of cyberattack. What is a cyber attack?
Any web server that supports SSL 3.0 and older versions of TLS is prone to POODLE attacks. Luckily, recent versions of browsers like Chrome, Firefox, and Safari block websites that still use SSL 3.0 and old versions of TLS (1.0 and 1.1). It’s best that servers are configured to only support newer protocols like TLS 1.2 and 1.3 to prevent POODLE attacks.
Why do web servers support old protocols? It's likely that servers like these are using extremely old software and configurations.
POODLE attacks teach us the importance of self-security in a world that can treat encryption like a magic wand.
Most of us believe that encryption is the most important part of SSL and TLS, but verification and authentication is just as crucial. If you aren’t interacting with who you think you are, an attacker can easily hit you with a man-in-the-middle attack. This means that they can position themselves between you and the person or website you’re trying to engage with, manipulating the flow of information – or money, in some instances.
Knowing the difference between a scam and a genuine message, email, or phone call will protect you against social engineering attacks. POODLE attackers rely on you not knowing the difference to get past the first step in a typical POODLE attack.