37.5k views
1 vote
As part of the regulatory compliance efforts, a systems administrator has been asked to eliminate the use of SSL in favor of TLS. However, after taking steps to remediate, the durability scan indicates the server is vulnerable to the POODLE attack. What likely caused this to occur?

1 Answer

4 votes

Step-by-step explanation:

The vulnerability to POODLE attack is caused by the lack of proper validation of encryption padding.

The server is still vulnerable to the POODLE attack, even when a system administrator has eliminated the use of SSL in favour of TLS. This move could be far more effective if, rather than completely eliminating SSL, a server is created that still tolerates the existence of SSL; this way, the server is irresistible to downgrade attacks.

Attackers could take advantage of the change from SSL to TLS, because it means there is no way to fight against attackers who try to use the vulnerability in SSL, as it simply doesn't exist anymore. But if SSL is not completely disabled, then TLS will rather make SSL stronger, and a "visit" to SSL every now and then would be possible.

by Adam Rodger (5.3k points)
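The padding-validation difference that the answer's first sentence refers to can be shown directly. The following is an added example, not code from the question or the answerer: it models only the padding check that a receiver performs on a CBC record after decryption (the MAC check and the cipher itself are left out, which is an assumption made to keep the example self-contained). SSL 3.0 only requires that the final byte, the pad length, be smaller than the block size and says nothing about the padding bytes' contents; TLS 1.0 and later require every padding byte to equal the pad length. The sample records are constructed inline.

```python
"""
Padding validation after CBC decryption: SSL 3.0 versus TLS 1.x.

A decrypted CBC record ends in: <payload> <MAC> <padding bytes> <pad_len>.
SSL 3.0 inspects only pad_len (it must be smaller than the cipher block
size); the padding bytes themselves are never checked. TLS 1.0+ (RFC 5246
section 6.2.3.2) requires each of the pad_len padding bytes to equal pad_len.
The unchecked padding bytes are the weakness POODLE relies on, which is why
a server that still accepts SSL 3.0 remains exposed.
"""

BLOCK_SIZE = 16  # block size in bytes for a 128-bit block cipher (assumption)


def ssl3_padding_ok(plaintext: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """SSL 3.0 rule: only the last byte (pad_len) is inspected.

    pad_len must be smaller than the block size and the record must be long
    enough to contain pad_len padding bytes plus the length byte. The values
    of the padding bytes are ignored entirely.
    """
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    return pad_len < block_size and len(plaintext) >= pad_len + 1


def tls_padding_ok(plaintext: bytes) -> bool:
    """TLS 1.0+ rule: the last byte is pad_len, and every one of the pad_len
    bytes preceding it must also equal pad_len."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    if len(plaintext) < pad_len + 1:
        return False
    padding = plaintext[-(pad_len + 1):-1]
    return all(b == pad_len for b in padding)


def compare_padding_rules(plaintext: bytes) -> dict:
    """Run both checks on one decrypted record and report the verdicts."""
    return {
        "ssl3_accepts": ssl3_padding_ok(plaintext),
        "tls_accepts": tls_padding_ok(plaintext),
    }


# Constructed sample records (payload + a stand-in for the MAC + padding + pad_len).
# Both end in pad_len = 3; only the first has three well-formed padding bytes.
GOOD_RECORD = b"GET /" + b"\xaa" * 4 + bytes([3, 3, 3, 3])
GARBAGE_PADDING_RECORD = b"GET /" + b"\xaa" * 4 + bytes([0x41, 0x42, 0x43, 3])
# pad_len claims 16 bytes of padding, which is not allowed under SSL 3.0
# (must be < block size) and also exceeds the record length under TLS.
OVERSIZED_PAD_RECORD = b"x" + bytes([16])


if __name__ == "__main__":
    for name, rec in [
        ("well-formed padding", GOOD_RECORD),
        ("garbage padding bytes", GARBAGE_PADDING_RECORD),
        ("oversized pad_len", OVERSIZED_PAD_RECORD),
    ]:
        print(f"{name:24s} -> {compare_padding_rules(rec)}")
```

Running the block shows the garbage-padding record accepted under the SSL 3.0 rule and rejected under the TLS rule, which is the concrete reason the remediation in the question only takes effect once SSL 3.0 is actually disabled on the server rather than merely deprioritised.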