
QID 38603: SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)

Question asked by Yves fRECHETTE on Feb 17, 2015
Latest reply on Feb 18, 2015 by Yves fRECHETTE

Hi,

 

I would like to know if there is a false positive here with the POODLE vulnerability. I made the following changes on my servers and I still have the vulnerability:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

DisableByDefault=1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

"enabled"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

"SecureProtocols"=dword:00000a80

 

Those settings are the recommended settings to disable SSLv3, so why do I still have the SSLv3 Padding Oracle Attack Information Disclosure Vulnerability?

 

Thank you
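
Added example, not part of the original post: Schannel keeps separate Client and Server subkeys under each protocol, and a scanner that connects to a listening service exercises the Server role. The PowerShell below reports what is actually set for both roles and lists any value Schannel would not read as one of its two DWORD settings, Enabled and DisabledByDefault. It assumes Windows PowerShell 3.0 or later, and the function name Get-Ssl3RoleState is hypothetical.

```powershell
# Added example: audit the Schannel SSL 3.0 registry settings for both roles.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0'

function Get-Ssl3RoleState {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][ValidateSet('Client', 'Server')][string]$Role)

    $path  = Join-Path $base $Role
    $state = [ordered]@{
        Role              = $Role
        KeyExists         = Test-Path -LiteralPath $path
        Enabled           = $null
        DisabledByDefault = $null
        Ignored           = @()   # values with an unexpected name or a non-DWORD type
        Verdict           = 'key absent (OS default applies)'
    }

    if ($state.KeyExists) {
        $key = Get-Item -LiteralPath $path
        # Skip the unnamed default value; value names are matched case-insensitively.
        foreach ($name in ($key.GetValueNames() | Where-Object { $_ })) {
            $isDword = $key.GetValueKind($name) -eq [Microsoft.Win32.RegistryValueKind]::DWord
            if ($isDword -and ('Enabled', 'DisabledByDefault' -contains $name)) {
                $state[$name] = $key.GetValue($name)
            } else {
                $state.Ignored += $name
            }
        }
        $state.Verdict =
            if ($null -eq $state.Enabled) { 'Enabled not set (OS default applies)' }
            elseif ($state.Enabled -eq 0) { 'SSL 3.0 disabled for this role' }
            else                          { 'SSL 3.0 enabled for this role' }
    }
    [pscustomobject]$state
}

# Report both roles side by side; the Server row is the one a remote scan reflects.
'Client', 'Server' | ForEach-Object { Get-Ssl3RoleState -Role $_ } | Format-List
```

Schannel reads these keys at startup, so a change to either role takes effect only after a reboot.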
