How to Protect Catapult Emails from POODLE

IBM recently published a security bulletin about an SSLv3 vulnerability called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. This vulnerability could give a remote attacker plaintext access to what would otherwise be an encrypted SSL session.

Catapult doesn’t use SSLv3 by default but has the ability to specify the SMTP authentication protocol from within the Poller. If you use SSLv3 for sending emails, we recommend switching to TLS.

The Poller configuration is stored within the Catapult library so you’ll need to adjust each installed environment individually.

Catapult Poller Configuration

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>