POODLE attack
E737309
cryptographic attack
man-in-the-middle attack
padding oracle attack
transport layer security vulnerability
The POODLE attack is a cryptographic vulnerability that exploits weaknesses in SSL 3.0’s CBC mode to decrypt secure HTTPS communications.
All labels observed (1)
| Label | Occurrences |
|---|---|
| POODLE attack canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T8489783 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: POODLE attack Context triple: [BEAST attack, relatedTo, POODLE attack]
-
A.
BEAST attack
The BEAST attack is a cryptographic exploit that targets vulnerabilities in early versions of TLS/SSL to decrypt secure HTTPS traffic by abusing weaknesses in block cipher modes like CBC.
-
B.
ROCA
ROCA is the acronym for the Republic of China Army, the land warfare branch of Taiwan’s armed forces.
-
C.
Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
-
D.
Merkle puzzles
Merkle puzzles are an early cryptographic protocol that introduced the concept of public-key exchange by allowing two parties to establish a shared secret over an insecure channel using computationally asymmetric “puzzle” problems.
-
E.
Ettercap
Ettercap is a network security tool used for sniffing, intercepting, and manipulating traffic on local area networks, commonly employed for man-in-the-middle attacks and protocol analysis.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: POODLE attack Target entity description: The POODLE attack is a cryptographic vulnerability that exploits weaknesses in SSL 3.0’s CBC mode to decrypt secure HTTPS communications.
-
A.
BEAST attack
The BEAST attack is a cryptographic exploit that targets vulnerabilities in early versions of TLS/SSL to decrypt secure HTTPS traffic by abusing weaknesses in block cipher modes like CBC.
-
B.
ROCA
ROCA is the acronym for the Republic of China Army, the land warfare branch of Taiwan’s armed forces.
-
C.
Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
-
D.
Merkle puzzles
Merkle puzzles are an early cryptographic protocol that introduced the concept of public-key exchange by allowing two parties to establish a shared secret over an insecure channel using computationally asymmetric “puzzle” problems.
-
E.
Ettercap
Ettercap is a network security tool used for sniffing, intercepting, and manipulating traffic on local area networks, commonly employed for man-in-the-middle attacks and protocol analysis.
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
cryptographic attack
ⓘ
man-in-the-middle attack ⓘ padding oracle attack ⓘ transport layer security vulnerability ⓘ |
| abbreviation | POODLE NERFINISHED ⓘ |
| affectedSoftware |
web browsers that supported SSL 3.0
ⓘ
web servers that supported SSL 3.0 ⓘ |
| affectsProtocol |
SSL 3.0
NERFINISHED
ⓘ
TLS (when TLS is downgraded to SSL 3.0) ⓘ |
| announcedBy |
Bodo Möller
NERFINISHED
ⓘ
Google security researchers NERFINISHED ⓘ Krishna Bhargavan NERFINISHED ⓘ Thai Duong NERFINISHED ⓘ |
| attackVector |
active network interception
ⓘ
induced repeated requests with controlled plaintext ⓘ |
| category |
TLS/SSL vulnerability
ⓘ
web security vulnerability ⓘ |
| CVEIdentifier | CVE-2014-3566 ⓘ |
| disclosedOn | 2014-10-14 ⓘ |
| enables |
decryption of parts of HTTPS traffic
ⓘ
recovery of authentication tokens ⓘ recovery of secure cookies ⓘ |
| exploits |
CBC mode weaknesses in SSL 3.0
ⓘ
padding oracle in block cipher mode ⓘ |
| fullName | Padding Oracle On Downgraded Legacy Encryption NERFINISHED ⓘ |
| impact |
confidentiality of encrypted data
ⓘ
integrity of secure cookies ⓘ session security of HTTPS websites ⓘ |
| mitigation |
avoid protocol downgrades to SSL 3.0
ⓘ
disable SSL 3.0 support on clients ⓘ disable SSL 3.0 support on servers ⓘ implement TLS_FALLBACK_SCSV ⓘ use modern TLS versions only ⓘ |
| namedAfter | poodle (dog breed) ⓘ |
| publishedIn | Security Advisory by Google NERFINISHED ⓘ |
| reasonForName | acronym for Padding Oracle On Downgraded Legacy Encryption ⓘ |
| relatedTo |
BEAST attack
NERFINISHED
ⓘ
Lucky Thirteen attack NERFINISHED ⓘ protocol downgrade attacks ⓘ |
| requires |
ability to trigger multiple HTTPS requests by the victim
ⓘ
man-in-the-middle network position ⓘ support for SSL 3.0 on client and server ⓘ |
| securityPropertyViolated | confidentiality of TLS/SSL sessions ⓘ |
| standardResponse |
deprecation of SSL 3.0 in major browsers
ⓘ
removal of SSL 3.0 support from many servers ⓘ |
| targets |
HTTPS connections
ⓘ
TLS/SSL sessions that can be downgraded to SSL 3.0 ⓘ encrypted web traffic ⓘ |
| vulnerableCipherMode | CBC (Cipher Block Chaining) NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Input
Subject: POODLE attack Description of subject: The POODLE attack is a cryptographic vulnerability that exploits weaknesses in SSL 3.0’s CBC mode to decrypt secure HTTPS communications.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.