Once again, a security hole has been found in the SSL protocol: POODLE. This one is not as serious as Heartbleed and is much easier to mitigate; however, the security implications are still serious.
Note: SceneDoc patched this vulnerability across all our internal and external infrastructure within 3 hours of the public disclosure of POODLE.
The vulnerability was dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption) and only affects SSL Version 3 and lower. SSLv3 is a legacy version of SSL clocking in at around 18 years old. SSLv3 is typically still used today for backwards compatibility with older clients (Internet Explorer 6, for example) or with legacy business-critical software that has reached end of life. POODLE potentially allows an attacker to steal a user’s session cookies and use them to steal banking details, email accounts or other high-value assets.
SceneDoc has removed all SSLv3 compatibility from all its environments, which has broken compatibility with IE6, the older client mentioned above. This was a calculated move: SceneDoc has never officially supported that version of Internet Explorer (since it only runs on an end-of-life operating system), for reasons exactly like this security vulnerability.
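One way to confirm that an endpoint no longer accepts SSLv3 is to send it an SSLv3-only ClientHello and look at the first record it returns. The script below is an added example, not SceneDoc's code; the function names and the offered cipher list are assumptions chosen for the check.

```python
import os
import socket
import struct

SSLV3 = b"\x03\x00"  # protocol version bytes for SSL 3.0

def build_sslv3_client_hello():
    """Minimal SSLv3 ClientHello record (SSLv3 has no extensions)."""
    # Assumed offer: AES128-SHA, AES256-SHA, 3DES-SHA (CBC suites) and RC4-SHA
    ciphers = bytes.fromhex("002f0035000a0005")
    body = (SSLV3 + os.urandom(32) + b"\x00"        # version, random, empty session id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 3-byte length
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Classify the first bytes a server returned to the SSLv3 ClientHello."""
    if not data or data[0] == 0x15:
        return "refused"      # connection closed, or a TLS alert record
    if len(data) >= 6 and data[0] == 0x16 and data[1:3] == SSLV3 and data[5] == 0x02:
        return "accepted"     # ServerHello inside an SSLv3 record
    return "unknown"          # not a reply this check understands

def probe(host, port=443, timeout=5.0):
    """Send the probe to host:port; other network errors propagate to the caller."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            return classify_response(s.recv(16))
    except ConnectionResetError:
        return "refused"

if __name__ == "__main__":
    # Constructed sample replies, so the script runs offline.
    alert = bytes.fromhex("15030000020228")             # fatal handshake_failure
    server_hello = bytes.fromhex("160300004a020000460300")
    print("alert ->", classify_response(alert))
    print("server hello ->", classify_response(server_hello))
```

A result of "accepted" from `probe()` means the endpoint still negotiates SSLv3 and needs the protocol disabled in its TLS configuration.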
We also recommend that users disable SSLv3 support in all their Internet clients (web browsers, etc.). A guide on how to accomplish this can be found here: https://technet.microsoft.com/en-us/library/security/3009008.aspx.
SceneDoc continues to stay on the lookout for any new security threats that might endanger our users on the Internet.