Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

Explore cutting-edge research on CBC padding oracle vulnerabilities in this 41-minute Black Hat conference talk. Discover how a minor modification to the POODLE attack revived a vulnerability in a major enterprise HTTPS implementation years after it was supposedly patched. Learn about GOLDENDOODLE, a new attack based on POODLE that can potentially expose session IDs much faster. Gain insights into more effective testing and exploitation techniques for CBC padding oracles, and understand how the adoption of TLSv1.3 can mitigate these security risks. Delve into the technical details presented by Craig Young to enhance your knowledge of cryptographic vulnerabilities and their implications for web security.

Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All