The SSL 3.0 “POODLE Bug” Vulnerability (aka “POODLEbleed”)
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that is supposed to be encrypted between computers and servers.
Upon learning of the “POODLEbleed” vulnerability, the AppSense development team moved rapidly to assess any potential impact to our customers.
Here is a summary of our findings and actions:
DesktopNow: Not Affected
DataNow: Affected (Patch Available)
Given the importance of secure endpoints in corporate DataNow implementations, we responded to the “POODLE” vulnerability by offering a patch on MyAppSense.com that disables all SSL versions in favor of using TLS rather than prohibiting downgrade from TLS to SSL.
We believe this is a more appropriate response than allowing old systems, with potentially other vulnerabilities, to use the vulnerable SSL version 3 protocol if they do not support TLS.
We have performed regression testing against all supported versions of our clients and browsers to ensure that this change protects the service against being targeted by a POODLE attack, without affecting a user’s ability to access DataNow.
For more information about the vulnerability issues addressed by this patch please see:
Note: If you use third party network appliances or servers in conjunction with any AppSense product, you should check with the vendor of those devices to ensure they are not affected by the POODLE vulnerability.
We realize that security vulnerabilities of this magnitude are a major concern to enterprise IT organizations. We hope that by communicating and acting quickly, we are aiding your assessment and recovery efforts.
If you have any questions about this, or any other topic, please feel free to contact our technical support team at:
USA, South America and Canada: 1- 866-APPSENSE (27773673)
UK: +44 (0) 845 839 9075??+44 (0) 845 839 9075
Germany, Austria and Switzerland: 0800 0007 290??0800 0007 290
Australasia: 1 800 631 386
Worldwide: +44 (0) 845 839 907
As always, we’re available 24×7 to assist you.