Security Notice - POODLE Vulnerability Remediation

Posted by Alan Sharp-Paul

poodle

A vulnerability was recently announced by Google, named POODLE, which targets SSLv3 connections.  SSLv3 is an older encryption protocol in the SSL/TLS family. Most modern browsers default to newer versions of TLS instead of SSL, e.g., TLSv1.2.

UpGuard defaults to establishing connections with browsers and API clients using TLS encryption, but there is a possible attack vector whereby an attacker could cause browsers to downgrade to SSLv3, rendering them vulnerable.

In response, we have disabled SSLv3 across our network by default for all customers, effective immediately. This may impact a minority of our users who use older browsers, such as Internet Explorer 6 running on Windows XP or older.  Our data shows that this represents a very small percentage of our active users. If you are affected by this change, you will need to configure your browsers to support TLSv1, or upgrade browsers.

We are continuing to track this vulnerability as news breaks. We will update you as required.

 

Regards,

Alan Sharp-Paul

UpGuard Customers