D5 · Crypto

What is a padding oracle attack?

A padding oracle attack exploits error messages or timing differences that a server leaks when it processes ciphertext with invalid padding, allowing an attacker to decrypt CBC-mode ciphertext without knowing the key.
POODLE exploited the CBC padding oracle in SSL 3.0. Mitigation: use AES-GCM (authenticated encryption, which needs no padding), and return generic errors regardless of the failure reason so that padding failures are indistinguishable from other decryption failures. BEAST, POODLE and Lucky13 are all padding oracle variants.