Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Skip to end of banner Go to start of banner

How to avoid the SSL Poodle attack

Created by Wikid, last modified on Dec 07, 2017

Applies to VoipNow Professional 2.5 and VoipNow 3.0.0 - 3.0.5!

There seems to be a vulnerability in the SSLv3 protocol, which is described in CVE-2014-3566 (short name 'POODLE'). All implementations of SSLv3 are affected.

This vulnerability allows a man-in-the-middle attacker to decrypt SSL traffic. More details can be found here.

Step-by-step guide

To verify if you are vulnerable, please run:

curl -v3 -X HEAD https://www.example.com
If you see "curl: (35) SSL connect error", then you are not vulnerable. If you have a normal SSL connection, this means you are vulnerable.

To avoid being exploited, please run:

wget https://raw.githubusercontent.com/4psa/voipnowpatches/master/sslpoodlefix.sh
sh sslpoodlefix.sh

Related articles

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.