ADP’s Response to SSLv3 CBC-mode “Poodle” Vulnerability
Most Recently Reported: October 18, 2014
Date Initially Reported: October 18, 2014
ADP has learned of the SSLv3 CBC-Mode vulnerability (also known as “Poodle”), which can affect Unix systems with Apache/Tomcat webservers, Microsoft IIS webservers, and all Internet browsers (e.g., Internet Explorer, Chrome, etc.). This vulnerability potentially allows for “man-in-the-middle” type attacks, in which a network attacker could possibly decrypt and extract targeted parts of an SSL communication.
To help mitigate risks associated with this vulnerability, ADP is:
- Advising clients to evaluate advisories published by vendors and others to determine what steps would be best for their networks and environments (such as disabling SSLv3 compatibility in their web browsers).
- Testing, evaluating, and possibly disabling SSLv3 compatibility on our associate desktops and related environment browsers and limiting browsers and servers to communicate on non-vulnerable protocols, such as TLS 1.x.
In addition, ADP will evaluate and deploy patches as they become available from different vendors.
Clients, partners, and ADP associates are reminded about the importance of using only trusted networks for communication.
Our cyber threat management platforms are continuously updated to detect and respond to malicious activity. In keeping with our emphasis on security, we will continue to scan and monitor our environments externally, as well as internally, in order to identify any possible vulnerabilities and remediate them.
For more information on this topic please visit:
Protecting our clients and their data has been, and always will be, a top priority for ADP.
If you have any further questions/concerns, please contact our Client Security Management Office via email firstname.lastname@example.org.