Poodle Vulnerability null Bangalore Meet 18 March 2017 null/OWASP/G4H Combined meet - March 2017
Abstract
Poodle (Padding Oracle On Downgraded Legacy Encryption) Vulnerability
In this talk we will see how an attacker can ensue a protocol downgrade and leverage a cryptographic weakness in SSL 3.0 to retrieve session cookie. We shall cover CBC and the "math" required to successfully decipher session cookie. In addition we will glance over the mitigation.
Follow the link in the presentation to reach to the PoC.
Speaker
Timing
Starts at Saturday March 18 2017, 09:30 AM. The sessions runs for about 1 hour.