About the POODLE SSL v3 Vulnerability

The Google Security Team has announced a vulnerability in SSL v3, which they have called POODLE (an acronym for Padding Oracle On Downgraded Legacy Encryption). The SSL v3 technology is almost 18 years old, but it is still widely used -- especially by browsers, which can allow connections to fall back to SSL v3 if a connection cannot be established using a more modern protocol. Because an attacker can force this fall-back to occur, the attacker can then exploit weaknesses in the SSL v3 protocol.

The Finicity Aggregation API is not vulnerable to the POODLE bug because SSL v3 is not available on any of our servers. If you have trouble connecting to the API please verify that your software is using the latest technology (TLS 1.2 or later) to open these connections.

Have more questions? Submit a request

Comments

Powered by Zendesk