Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

R5z0mhzxKGc/default.jpg

This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE.

By Craig Young

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/brie...

R5z0mhzxKGc/default.jpg
Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All Reviewed by Unknown on June 28, 2019 Rating: 5