TLS Padding Oracle Information Disclosure Vulnerability (TLS POODLE)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

It was possible to obtain sensitive information from the remote host
with TLS-enabled services.

Description :

The remote host is affected by a man-in-the-middle (MitM) information
disclosure vulnerability known as POODLE. The vulnerability is due to
the TLS server not verifying block cipher padding when using a cipher
suite that employs a block cipher such as AES or DES. The lack of
padding checking can allow encrypted TLS traffic to be decrypted. This
vulnerability could allow for the decryption of HTTPS traffic by an
unauthorized third party.
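
The padding check at issue, as an added example that is not part of the Nessus plugin or of any vendor's code: TLS requires every padding byte of a CBC record to equal the padding length, whereas an SSL 3.0-style decoder inspects only the final length byte. The function names, the 32-byte record and its placeholder contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20  /* HMAC-SHA1 tag size, as used by AES-CBC-SHA suites */
#define REC_LEN 32  /* constructed record: 4 data + 20 MAC + 8 padding bytes */

/* Lax, SSL 3.0-style check: only the trailing length byte is inspected. */
int padding_ok_lax(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad_len = rec[len - 1];
    return pad_len + 1 + mac_len <= len;
}

/* TLS rule: the pad_len padding bytes must all equal pad_len as well.
 * Mismatches are OR-ed together instead of returning at the first one;
 * real TLS stacks go further and make padding and MAC checks constant-time. */
int padding_ok_strict(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad_len = rec[len - 1];
    if (pad_len + 1 + mac_len > len) return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i <= pad_len; i++)
        diff |= (uint8_t)(rec[len - 1 - i] ^ pad_len);
    return diff == 0;
}

/* Fill a constructed decrypted record; tamper != 0 corrupts the padding bytes. */
void make_record(uint8_t rec[REC_LEN], int tamper)
{
    memset(rec, 0xAA, REC_LEN - 8);         /* placeholder data and MAC */
    memset(rec + REC_LEN - 8, 0x07, 8);     /* 7 padding bytes + length byte */
    if (tamper)
        memset(rec + REC_LEN - 8, 0x5C, 7); /* length byte left intact */
}

int main(void)
{
    uint8_t good[REC_LEN], bad[REC_LEN];
    make_record(good, 0);
    make_record(bad, 1);
    printf("well-formed: lax=%d ", padding_ok_lax(good, REC_LEN, MAC_LEN));
    printf("strict=%d\n", padding_ok_strict(good, REC_LEN, MAC_LEN));
    printf("tampered:    lax=%d ", padding_ok_lax(bad, REC_LEN, MAC_LEN));
    printf("strict=%d\n", padding_ok_strict(bad, REC_LEN, MAC_LEN));
    return 0;
}
```

A record whose padding bytes were altered passes the lax check and fails the strict one, which is the difference the plugin reports on.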

See also :

https://www.imperialviolet.org/2014/12/08/poodleagain.html
https://support.f5.com/csp/#/article/K15882
http://www.nessus.org/u?3bcd20bf

Solution :

Contact the vendor for an update.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 80035

Bugtraq ID: 71549

CVE ID: CVE-2014-8730
