On Wed, Nov 05, 2014 at 07:04:37PM +0100, Kurt Roeckx wrote: > On Wed, Nov 05, 2014 at 03:57:48PM +0530, Venkat V wrote: > > Hi > > > > Can you please let me know if FTP service can be impacted by POODLE > > vulnerability > > The attack depends on being able to let the client connect > multiple times and have control over part of the plain text. > In theory a browser could implement ftps and an attacker could > then try to download files with different names. If the ftp site > also requires login information and the browser has stored that, > it could try and steal that information that way. So I think it > is impacted. > > However, I'm not sure many browsers support ftps. Most seem to > support ftp but not ftps for some reason. I'm also not sure how > many people use their browser to log in to ftp-sites since in my > expierences it's not working very well. I'm also not sure there > are many ftp sites that support SSL/TLS. > > So my understanding is that it is theoretically possible but very > unlikely.
To clarify, that was about easy ways to exploit it. There are other ways to exploit it that are harder. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
