On Wed, Nov 05, 2014 at 03:57:48PM +0530, Venkat V wrote: > Hi > > Can you please let me know if FTP service can be impacted by POODLE > vulnerability
The attack depends on being able to let the client connect multiple times and have control over part of the plain text. In theory a browser could implement ftps and an attacker could then try to download files with different names. If the ftp site also requires login information and the browser has stored that, it could try and steal that information that way. So I think it is impacted. However, I'm not sure many browsers support ftps. Most seem to support ftp but not ftps for some reason. I'm also not sure how many people use their browser to log in to ftp-sites since in my expierences it's not working very well. I'm also not sure there are many ftp sites that support SSL/TLS. So my understanding is that it is theoretically possible but very unlikely. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
