2014-10-14 Instructure Advisory IAC29735 - "POODLE" SSLv3 vulnerability - CVE-2014-3566
SECURITY UPDATE |
Release Date: | 2014-1-14 (Last update can be found below the document title) |
Description: | A vulnerability was discovered in SSLv3 that could allow a remote attacker to force a TLS downgrade negotiation, resulting in SSLv3 with weak ciphers being used. Once downgraded, the traffic is susceptible to a man-in-the-middle (MITM) attack. |
Criticality Level: | Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
Impact: | Allows unauthorized disclosure of information |
Systems Affected: | Canvas LMS |
Solution Status: | Patched |
Discovered By: | Google Security |
Relevant Changesets: | Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback |
Summary:
On October 14th, Google Security released an advisory regarding a newly discovered SSLv3 attack. Once the Instructure InfoSec team was made aware of the advisory, it took immediate action to disable SSLv3 and its related ciphers on the Canvas platform.
Status:
All systems were patched as of 14:33 MT on 10/14/2014.
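A way to confirm from captured handshake bytes that a server no longer negotiates SSLv3, as described in the Summary. This is an added example, not Instructure's code: the function names and the sample records are constructed for illustration, and the parser assumes one complete TLS record containing a single ServerHello.

```python
# Added example: flag a ServerHello that settled on SSLv3 (wire version 0x0300).
# Function names and sample records are constructed, not from the advisory.
# Note: TLS 1.3 reports 0x0303 here and carries the real version in an
# extension, so such a hello is shown as "TLSv1.2"; that is fine for this check.
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def parse_server_hello(record: bytes):
    """Return (version_name, cipher_suite) from one TLS handshake record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rlen = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rlen]
    if record[0] != 0x16 or len(body) != rlen:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # Fixed part: server_version(2) + random(32) + session_id_len(1)
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    off = 35 + hello[34]                      # skip the session id
    if len(hello) < off + 3:                  # cipher_suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[off:off + 2], "big")
    return NAMES.get(version, "unknown(%d,%d)" % version), suite

def negotiated_sslv3(record: bytes) -> bool:
    """True when the server's chosen protocol version is SSLv3."""
    return parse_server_hello(record)[0] == "SSLv3"

def build_server_hello(version, suite):
    """Constructed sample record: zero random, empty session id, no extensions."""
    hello = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    # 0x000A = TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0x002F = TLS_RSA_WITH_AES_128_CBC_SHA
    for rec in (build_server_hello((3, 0), 0x000A), build_server_hello((3, 3), 0x002F)):
        name, suite = parse_server_hello(rec)
        print(name, hex(suite), "FAIL: SSLv3 accepted" if name == "SSLv3" else "ok")
```
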