StingRay and POODLE SSLv3 Vulnerability
On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.
By default StingRay has the SSLv3 protocol enabled but the vulnerability is only applicable if the StingRay’s external web interface is enabled and is set to use https functionality.
If your StingRay is effected please contact technical support and provide the external URL effected via the email address below, so an engineer can book a convenient time to make changes to your server…
The Pro2col support email address is email@example.com. For any further information or queries please contact Pro2col sales team here.