GoodData Responds to POODLE Vulnerability

Steve Olson

Effectively immediately, GoodData recommends that all users and administrators disable the SSLv3 transport protocol in their browsers and server-to-server connections to avoid exposure to the POODLE vulnerability. Identified in CVE-2014-3556, this widespread issue was discovered by Google on October 14, 2014.

GoodData will fix this issue in the next maintenance window for the GoodData platform on Friday October 17. GoodData continues to monitor the platform for exposure to this vulnerability.

NOTE: Exploiting the vulnerability requires a man-in-the-middle attack. Since one possible attack scenario involves a forged SSL certificate, end users should confirm that the certificate used to authenticate any site is valid and verified by a trusted provider.

For more information, see Security Notice - CVE 2014-3556 POODLE Vulnerability.

Dev's Newsletter

Subscribe Now