October 2014

Zarafa Collaboration Platform vs. SSLv3/POODLE vulnerability

October 15, 2014 by Robert Scheck   Comments (0)

, , , , , ,

The press already wrote about it: Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered a design vulnerability in SSLv3 also known as "POODLE". I would like to try to answer some questions that popped up today regarding Zarafa and POODLE.
Important: Even the vulnerability seems to only affect HTTPS, it might (!) apply to other protocols/services as well (if an attacker has control over the packets that also contain secret data), thus Zarafa might be... Read full post