2014-10-14 Instructure Advisory IAC29735 - "POODLE" SSLv3 vulnerability - CVE-2014-3566

jordan
Instructure Alumni

    SECURITY UPDATE


  Release Date: 2014-1-14  (Last update can be found below the document title)
  Description: A vulnerability was discovered in SSLv3 that could allow a remote attacker to force a TLS downgrade negotiation, which could result in SSLv3 with weak ciphers being used. Once downgraded, the traffic is susceptible to a man-in-the-middle (MITM) attack.
  Criticality Level: Moderately Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
  Impact: Allows unauthorized disclosure of information
  Systems Affected: Canvas LMS
  Solution Status: Patched
  Discovered By: Google Security
  Relevant Changesets:

Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback

CVE - CVE-2014-3566


Summary:

On October 14th, Google Security released an advisory regarding a newly discovered SSLv3 attack. Once the Instructure InfoSec team was made aware of the advisory, it took immediate action to disable SSLv3 and its related ciphers on the Canvas platform.

Status:

All systems were patched as of 14:33 MT on 10/14/2014.
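
One way to confirm the remediation described above, that a server no longer negotiates SSLv3, is to send it an SSL 3.0 ClientHello and check that it answers with an alert or closes the connection. This is an added example, not Instructure's code; the function names, the verdict strings and the two cipher suites offered are assumptions chosen for illustration.

```python
import socket
import sys

SSL3 = b"\x03\x00"  # SSL 3.0 version bytes as they appear on the wire

def build_sslv3_client_hello():
    """Return one SSL 3.0 record holding a minimal ClientHello."""
    body = (
        SSL3                            # client_version: offer SSL 3.0 only
        + bytes(32)                     # random (constructed; zeros suffice for a probe)
        + b"\x00"                       # empty session id
        + b"\x00\x04\x00\x2f\x00\x0a"   # two CBC suites: RSA-AES128-SHA, RSA-3DES-SHA
        + b"\x01\x00"                   # compression: null only
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + len(handshake).to_bytes(2, "big") + handshake

def classify_response(data):
    """Map the first bytes of the server's reply to a verdict (assumed labels)."""
    if not data or data[0] == 0x15:
        return "refused"    # connection closed/reset, or an alert record
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "accepted"   # ServerHello selecting SSL 3.0
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the ClientHello to host:port and classify the reply."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            # Read until the ServerHello version is visible or an alert arrives.
            while len(data) < 11 and data[:1] != b"\x15":
                chunk = s.recv(64)
                if not chunk:
                    break
                data += chunk
    except (ConnectionResetError, BrokenPipeError):
        pass                # an abrupt close also counts as a refusal
    except socket.timeout:
        return "unknown"
    return classify_response(data)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: sslv3_probe.py HOST")
    print(probe(sys.argv[1]))
```

A verdict of "refused" is the expected result for a host on which SSLv3 has been disabled.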