POODLE script tools
A folder of 4 scripts to help secure against an SSL vulnerability known as POODLE.
The “POODLE Fix” script simply adds the necessary registry entries to block SSLv3. It reports to the agent procedure log whether the entries were added successfully. Two keys are added, one for Server and one for Client. The fix only needs to be applied to systems that listen for SSL connections (usually port 443). The following scripts are designed to help you decide which systems need the fix applied to them.
The “POODLE Audit” script checks for the registry keys that block SSLv3 and reports to the agent procedure log. Results can be filtered using $SSLv3$ $Audit$ and $OOD$. The $OOD$ tag will only appear if the system doesn’t have the keys or has SSLv3 enabled. This script only checks for the registry entries and doesn’t check ports. The “SSL binding audit” script can be used on Windows web servers (IIS) to check whether the standard SSL port (443) is vulnerable.
The “SSL Binding audit” script is intended for use on Windows Servers (IIS). It determines whether the server is vulnerable by checking whether IIS has bound port 443. It will not work on a server running Apache. If the server is vulnerable, it runs a script called “SSL Binding Audit tagscript”. A custom view can be used to filter and see all the machines that have run “SSL Binding Audit Script tagscript”. Those machines are the ones that need the “POODLE fix”.
The “SSL Binding audit tagscript” is used as part of “SSL Binding audit” and should not be run on its own. See “SSL Binding audit” above.
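
The registry check that the “POODLE Audit” description outlines can be sketched in PowerShell as follows. This is an added example, not one of the four scripts in the folder. It assumes the standard Microsoft SCHANNEL key locations and the `Enabled` value, since the page does not list the exact entries its scripts write, and the output line format and the `Get-Ssl3State` function name are constructed for illustration.

```powershell
# Added example: audit the SCHANNEL registry settings that control SSLv3.
# Assumption: standard Microsoft SCHANNEL key paths and the "Enabled" DWORD;
# the page's own scripts may write different or additional values.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0'

function Get-Ssl3State {
    # Hypothetical helper: returns the SSLv3 state for one SCHANNEL role.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Server', 'Client')]
        [string]$Role
    )

    $path = Join-Path $base $Role
    if (-not (Test-Path -LiteralPath $path)) {
        # Key absent: the operating system default for SSLv3 applies.
        return 'KeyMissing'
    }

    $item = Get-ItemProperty -LiteralPath $path -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key exists but carries no explicit Enabled value.
        return 'ValueMissing'
    }

    if ($item.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

# Check both roles, matching the two keys (Server and Client) the fix adds.
$results = foreach ($role in 'Server', 'Client') {
    [pscustomobject]@{ Role = $role; State = Get-Ssl3State -Role $role }
}

# Tag the line so it can be filtered the way the page describes:
# $OOD$ appears only when a key is missing or SSLv3 is still enabled.
$tags = '$SSLv3$ $Audit$'
$outOfDate = @($results | Where-Object { $_.State -ne 'Disabled' })
if ($outOfDate.Count -gt 0) { $tags += ' $OOD$' }

$summary = ($results | ForEach-Object { "$($_.Role)=$($_.State)" }) -join ', '
Write-Output "$tags $summary"
```

Like the audit script described above, this only reads registry entries and does not test whether anything is listening on port 443.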