OrangeHRM Secured: POODLE SSLv3 Vulnerability By Shaun Bradley

What is the POODLE Vulnerability? Security researchers from Google recently identified a bug that affects SSL 3.0. Despite SSL 3.0 is over 17 years old it is still used by many to date. The vulnerability has been nicknamed as POODLE which stands for "Padding Oracle On Downgraded Legacy Encryption". Since this is a “man-in-the-middle attack” the bug only allows hackers to steal data by tapping into the connection between the users and servers first, so the vulnerability is highly unlikely to be exploited in home of office environment. Learn More Does it affect OrangeHRM?

OrangeHRM Live Cloud Hosting

If you are using OrangeHRM’s cloud, you are safe!

OrangeHRM is no longer vulnerable to POODLE as disabled SSL 3.0 access immediately.  We will be using TLS 1 and above moving forward. The internet is full of bugs and vulnerabilities hence OrangeHRM constantly monitors server traffic and implement mechanisms to prevent attacks while our researchers try to exploit vulnerabilities and fix them before they get into the wrongs hands.

On-Premise and Third Party Hosting

The POODLE vulnerability is an attack between the users and servers and not with OrangeHRM application we urge you to check your servers or contact your hosting service providers to ensure your company information is not vulnerable.

For more information please contact the OrangeHRM Managed Services Team.