How can we help?

Security Advisory - "POODLE" SSLv3 vulnerability of 14 Oct 2014

Follow

Learning Security Advisory - "POODLE" SSLv3 vulnerability - CVE-2014-3566

Release Date

2014-10-14

Last Update

2014-11-07

Description

A vulnerability was discovered in SSLv3 which could allow a remote attacker to force a TLS downgrade negotiation, which could result in SSLv3 with weak ciphers being used. Once downgraded, the traffic is then susceptible to a man in the middle (MITM) attack.

Level

Moderately Critical

Impact

Allows unauthorized disclosure of information

Systems Affected

PowerSchool Learning

Solution Status

Patched

Summary: On October 14th, Google security released an advisory regarding a newly discovered SSLv3 attack. In response, the Learning Security Team disabled SSLv3 and its related ciphers on the Learning platform. Additionally, CloudFlare, our CDN provider, immediately disabled SSLv3 when the vulnerability was announced

Status: All systems were patched as of 2014-11-07.

Powered by Zendesk