This article describes a workaround to protect your system from the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability.
POODLE is a protocol downgrade that allows abuses on outdated form of encryptions. SSL 3.0 is a fallback protocol for most servers when more secure protocols like TLS fail to recognize the handshake. An attacker can force downgrade your browser to SSL 3.0 and gain entry to personal data. Since the problem is the protocol, anything that uses SSL 3.0 is affected. An attacker can obtain private information despite using protocol HTTP/S is used.
Any product using OpenSSL cryptographic functions are not vulnerable, but a vulnerability scan will report them if they contain vulnerable OpenSSL versions.
Protocol downgrade is visible on the server side. Servers can usually log TLS protocol versions. This information can be compared with user agents or other information from the profile of a logged in user. Mismatches can indicate attack attempts.
Communication between the following DameWare components is affected:
Note: Re-enabling SSL 3.0 usage cannot be prohibited. This may have negative implications on other installed programs.