AnsweredAssumed Answered

Test Criteria for Poddle Bug

Question asked by Srikanth V on Oct 15, 2014
Latest reply on Oct 20, 2014 by Doug Jones



I was wondering what is the test criteria for the poddle bug? Do you guys mark it as vulnerable based on just the usage of SSLv3 or do you actually consider what cipher suites are used and if they are vulnerable or not. Like from my understanding using CBC makes a service vulnerable to the poddle attack. Can you please explain or put this somewhere on the test page?