Expert Assist Remote Management Client in DA9.x vulnerable to CVE 2014 3556 SSL v3 POODLE
Expert Assist Remote Management client in Desktop Authority 9.1 is vulnerable to the SSL v3 PODDLE
For information on the vulnerability known as the SSLv3 "PODDLE" Vulnerability CVE_ 2014-356 , see http://community.websense.com/blogs/securitylabs/archive/2014/10/15/sslv3-quot-poodle-quot-vulnerability-cve-2014-3566.aspx
Vulnerabilities associated with CVE 2014 3556 SSL Protocol 3.0 POODLE from development.
DA Manager Console: Vulnerable, however, customers can configure it to not use SSL v3.0 by changing a registry key on the machine where the manager was installed as described in this article http://support.microsoft.com/kb/187498/en-us and then restarting the computer. This setting is system wide so it will also disable SSL v3.0 for any other software on that same machine. They can also disable SSL v3.0 and enable TLS in each of their browsers that are used to run the Manager console. The instructions for disabling SSL v3.0 for your browsers can be located here https://zmap.io/sslv3/browsers.html
Expert Assist: Vulnerable, however, the vulnerability is contained within the customers LAN. To mitigate the vulnerability the customer can disable SSL v3.0 and enable TLS in each of their browsers used to run the remote control sessions. EA supports Firefox, Chrome and IE.
Update Service: No vulnerability was found with DA’s Update Service since it uses http only, however, SSL v3.0 was disabled and TLS enabled on the web server (webservices.scriptlogic.com) to be on the safe side since other products (such as the SOLV products) use the same web server.