Do you still have SSL3 enabled? Check server and browser for POODLE vulnerability
POODLE vulnerability has been known for quite some time. Its description was found on Habré , but the problem is still relevant, and SSL 3.0 is still used on many web servers. HostTracker offers an easy way to check if this vulnerability exists on the side of your browser or on any web server.
Browser verification automatically occurs immediately after selecting SSLv3 as the verification method. To check the server, you must enter the site address and click "check." As a result, an attempt to connect via SSL 3.0 will be made and the result returned - whether it was possible or failed to connect, respectively, we will know if this protocol is enabled on the server being checked.
')
Worth emphasizing: support for later versions of the protected protocol is not a panacea for this vulnerability. As noted in the article mentioned above, there is always a way to force a return to the old version of the protocol. The only way out is to turn it off completely. Therefore, if the check shows that the protocol is enabled, there is a security hole. In order to protect yourself, simply update your browser. As of the end of 2014, this vulnerability has been closed in the latest versions of all popular browsers. With servers is somewhat more complicated. Of course, at the moment more than 99% of all web servers use newer protocols by default. However, a sufficient number of them simultaneously support SSL 3.0 "just in case." And this is a potential threat.
Browser verification automatically occurs immediately after selecting SSLv3 as the verification method. To check the server, you must enter the site address and click "check." As a result, an attempt to connect via SSL 3.0 will be made and the result returned - whether it was possible or failed to connect, respectively, we will know if this protocol is enabled on the server being checked.
')
Worth emphasizing: support for later versions of the protected protocol is not a panacea for this vulnerability. As noted in the article mentioned above, there is always a way to force a return to the old version of the protocol. The only way out is to turn it off completely. Therefore, if the check shows that the protocol is enabled, there is a security hole. In order to protect yourself, simply update your browser. As of the end of 2014, this vulnerability has been closed in the latest versions of all popular browsers. With servers is somewhat more complicated. Of course, at the moment more than 99% of all web servers use newer protocols by default. However, a sufficient number of them simultaneously support SSL 3.0 "just in case." And this is a potential threat.
Source: https://habr.com/ru/post/248803/
All Articles