Zen Cart Payment Errors and SSL v3 Vulnerability
Problem reported by Terry Swiers - 11/13/2014 at 11:58 AM
Employee Post
A security vulnerability with the SSL v3 protocol was discovered earlier this year that could potentially lead to "secure" cookies being decrypted, exposing authentication information between users and the server that they are connecting to.
For users of the Millennium Software Zen Cart import/export utility, this is not an issue with our product but it may impact your ability to take payments from various payment gateways as they remove support for SSL v3.  A message posted on the Zen Cart support forum explains how to modify Zen Cart to disable use of SSL v3:    http://www.zen-cart.com/showthread.php?214916-Important-announcement-about-POODLE-and-payment-security .   
For everyone else, this issue can affect your secure connections to sites you visit every day depending on the browser that you are using.  You can test your browser for safe operation against this vulnerability at https://www.ssllabs.com/ssltest/viewMyClient.html .  

And for those of you running your own web servers, you can test for this vulnerability (as well as other security issues) at https://www.ssllabs.com/ssltest/index.html.  
Please contact your IT department, or your server host, if you need assistance with disabling SSL v3.

Reply to Thread