POODLE SSL 3.0 Security Vulnerability Remediation Client Response Guide Overview What is POODLE? POODLE is an Internet security vulnerability that impacts the Secure Sockets Layer (SSL) version 3.0 encryption protocol. This widely used security protocol was designed to ensure secure connections over the Internet. When exploited, the POODLE vulnerability could enable a cyber‐criminal to gain access to connections considered secure. How is CoreLogic responding? Following the recommended best practice for the industry, CoreLogic® Credco will disable SSL 3.0 support for these products and services effective October 25, 2015, and will utilize only the Transport Layer Security (TLS) protocol for these products/services. These actions will help to mitigate the risk posed by POODLE. This change does, however, have the potential to cause compatibility problems for a small number of our clients, resulting in the inability to access some CoreLogic products and services. This Client Response Guide will enable you to assess your CoreLogic connections and integrations to ensure that you can connect to your CoreLogic Credco products using TLS. We appreciate your prompt attention to this security issue. Although we recognize that our actions in this matter may cause a short‐term inconvenience to some clients, it is essential that we act in order to protect the accounts and financial data of both our clients and the consumer. What You Need to Do You need to ensure that the TLS protocol is the default protocol setting for your connection with CoreLogic Credco. Following the recommended actions will ensure that you can connect to your CoreLogic Credco products and services after October 25, 2015. Test Your Browser Please test your browser to ensure that your default settings are compliant with the TLS protocol. If they are not compliant, you can change your Internet security settings to enable TLS. SSL 3.0 Remediation: Client Response Guide To test the TLS capabilities of your browser version, follow these steps: 1. Open a browser window using the same browser you use to connect to your CoreLogic Credco websites. 2. Navigate to the Credco.com Beta website: https://beta.credco.com/home/ 3. If you can see the login screen as shown below, you do not need to take further action 4. If you are unable to see the login screen shown above, please follow the steps below to enable TLS on your web browser Changing your Internet security settings to enable TLS Each browser has a slightly different procedure for enabling TLS in the Internet security settings. Below we provide instructions for the Microsoft Internet Explorer (IE) browser. If you use another browser—such as Google Chrome, Safari, or FireFox—to connect to the CoreLogic websites, please contact your internal IT department or your website service partner to enable TLS for your browser. To enable the TLS protocol for Internet Explorer, follow these steps: 1. Open the same browser that you use to connect to the CoreLogic Credco websites. 2. Select Tools > Internet Options from the command ribbon. 3. When the Internet Options window opens, select the Advanced tab, and scroll down to the Security section (Figure 2). 4. Ensure that all TLS checkboxes are checked. 5. Click OK. You have now enabled TLS for the Internet Explorer browser and do not need to take any further action. NOTE: CoreLogic is not requiring you to disable SSL 3.0, only to enable TLS. Because of the POODLE vulnerability, however, all organizations should consider disabling SSL 3.0 as soon as possible. 4/10/15 Confidential Information. Not for disclosure outside CoreLogic 2 without expressed written permission. SSL 3.0 Remediation: Client Response Guide Figure 2. IE Internet Options, Advanced Security Settings Support Contact Information If you have questions or concerns regarding this remediation, please contact our Customer Support team:: Phone: (800) 577‐8787 Email: [email protected] 4/10/15 Confidential Information. Not for disclosure outside CoreLogic 3 without expressed written permission. .