<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

Stay Secure: POODLE Vulnerability Update

Dave Juitt| October 17 2014

| Security

Google announced in a blog post on Tuesday a vulnerability in the design of SSL version 3.0 (CVE-2014-3566), nicknamed POODLE.  The SSLv3 protocol is used in OpenSSL and other commercial products.  This vulnerability allows the plaintext of secure connections to be calculated by a network attacker and has an overall CVSS severity rating of MEDIUM.  security POODLE

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability.  We've identified specific recommendations for MOVEit Managed File Transfer, WS_FTP Server and MessageWay and continue to evaluate remaining Ipswitch products, including WhatsUp Gold and IMail Server.  While POODLE is not considered high risk to our customers we will provide additional guidance for those products as soon as it's available.

To protect against this attack, it is recommended that all customers disable SSLv3 for all services and clients.  Please find specific instructions for the following products in this Ipswitch Knowledgebase article:

  • MOVEit File Transfer (DMZ) Server and API Module
  • MOVEit Central
  • MOVEit Ad Hoc
  • MOVEit Mobile
  • MOVEit Xfer
  • MOVEit Freely
  • WS_FTP Server
  • WS_FTP Web Transfer Module
  • WS_FTP Professional

Following the instructions above may present compatibility problems for users on old platforms and browsers, where there is no support for TLS 1.0 or higher. While both Google and Mozilla have announced plans to remove support for SSLv3 from their browsers soon, it's still recommended that you test these configuration changes and carefully monitor the production system after making any changes, so that you are prepared to handle any negative impact.

Topics: Security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Dave Juitt

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.