someoneXgr

Encrypted connection scanner is vulnerable to POODLE attacks


https://i.imgur.com/5QeoChk.png

 

https://i.imgur.com/HnQBliq.png

 

I installed the extension released by Mozilla here:

https://blog.mozilla.org/security/2014/10/1...end-of-ssl-3-0/

https://addons.mozilla.org/en-US/firefox/ad...ersion-control/

set security.tls.version.min to 1, and removed and reinstalled the certificate from %AllUsersProfile%\Kaspersky Lab\AVP15.0.1\Data\Cert\(fake)Kaspersky Anti-Virus Personal Root Certificate.cer

 

Also happens to IE 11

 

https://i.imgur.com/3ukrfYP.png

 

https://i.imgur.com/m8zL7J4.png

 

Windows 7 x64 SP1 Ultimate, all Windows updates installed


Hello, someoneXgr,

 

The SSL 3.0 vulnerability is something that browsers have to cover for the home-user. For example, Firefox is going to disable it completely ("SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25."): https://blog.mozilla.org/security/2014/10/1...end-of-ssl-3-0/

Kaspersky continues to protect from this sort of attack the same way as before. The SSL vulnerability can only be exploited if your computer is already compromised by a man-in-the-middle attack. Our product would intercept the man-in-the-middle attack, therefore the SSL vulnerability would be irrelevant anyways.

 

The results of PoodleTest.com with "Scan encrypted connections" enabled may seem contradictory because our product serves as a man-in-the-middle itself at the moment when the initial connection to the site takes place.

 

To put it in a nutshell — our product will react if the real attack happens.

Link to post
