End of SSLv3 (CVE-2014-3566): POODLE

Google researchers recently uncovered a security bug (CVE-2014-3566) that could allow attackers to steal data. The vulnerability is exploited through a man-in-the-middle (MITM) attack, in which a client-to-server session is intercepted and then abused. The attack targets SSLv3 connections, and an active attacker can force a TLS session to downgrade to SSLv3. The TLS versions themselves are not affected (neither is DTLS).

What Is POODLE?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

POODLE affects an older standard of encryption, specifically Secure Sockets Layer (SSL) version 3.0. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).

Am I vulnerable?
The attack scenario requires the attacker to be able to inject data of their own into the connection and to intercept the encrypted bytes. The only realistic context in which both happen is a Web browser. In that case POODLE is, like BEAST and CRIME, an attack on the client, not on the server.

If [product] is a Web browser, then it may be affected, but that depends on the server. The protocol version is negotiated between client and server; SSL 3.0 will be used only if the server agrees. Thus a server might be considered “vulnerable” if it allows SSL 3.0 to be used (this is technically inaccurate, since the attack is client-side in a Web context).

How to check?
Test your browser:

https://www.poodletest.com/, https://zmap.io/sslv3/

Test your server:

http://poodlebleed.com

$ openssl s_client -connect google.com:443 -ssl3
If the handshake fails, the server does not support SSLv3 and is not exposed to this vulnerability. Otherwise, SSLv3 support must be disabled on the server.
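The following shell script is an added example, not part of the original post, that wraps the openssl s_client check above so it can be run over a list of hosts. It assumes an openssl binary on PATH and GNU timeout; the strings it matches are the messages OpenSSL prints when SSLv3 is accepted, when the server refuses it, and when the client's own OpenSSL was built without SSLv3 (so that the -ssl3 option is missing), which is an assumption about the client build and the reason a bare "handshake failure" check should not be trusted on its own.

```shell
#!/bin/sh
# Added example, not from the original post: batch-check servers for SSLv3
# support by wrapping "openssl s_client -connect HOST:PORT -ssl3" and
# classifying its output. Assumes openssl and GNU timeout on PATH. The matched
# strings are the messages OpenSSL prints in each case (assumption about the
# client build; adjust them if your build prints something different).

# classify_ssl3_output OUTPUT
# Prints one of: client_lacks_sslv3 | refuses_sslv3 | accepts_sslv3 | unknown
classify_ssl3_output() {
    out=$1
    case "$out" in
        # Most current OpenSSL builds drop SSLv3 entirely, so "-ssl3" is rejected
        # on the client side. That says nothing about the server; test from a
        # client that still has SSLv3 compiled in, or use a dedicated scanner.
        *"nknown option"*|*"null ssl method passed"*)
            echo client_lacks_sslv3 ;;
        # Server refused: handshake failure alert, protocol version alert, or no
        # cipher negotiated at all. This is the safe outcome.
        *"handshake failure"*|*"alert protocol version"*|*"Cipher is (NONE)"*)
            echo refuses_sslv3 ;;
        # A negotiated session whose protocol line reads SSLv3: the server still
        # speaks SSLv3 and needs it disabled.
        *"Protocol  : SSLv3"*)
            echo accepts_sslv3 ;;
        *)
            echo unknown ;;
    esac
}

# check_host HOST [PORT]
# Runs the probe with a 10 s budget and stdin closed (so s_client exits right
# after the handshake) and prints "HOST:PORT <verdict>". Needs network access.
check_host() {
    host=$1
    port=${2:-443}
    out=$(timeout 10 openssl s_client -connect "$host:$port" -ssl3 </dev/null 2>&1)
    printf '%s:%s %s\n' "$host" "$port" "$(classify_ssl3_output "$out")"
}

# Usage: sh sslv3check.sh host1 [host2 ...]   (port 443 assumed for each host)
for h in "$@"; do
    check_host "$h"
done
```

Run it against your own hosts after disabling SSLv3 to confirm the change took effect; a result of client_lacks_sslv3 means the probe itself could not be made from this machine, not that the server is safe.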

Recommendations
To mitigate this vulnerability SSL 3.0 should be disabled in all affected packages.

Workarounds:

  • Disable SSL 3.0 support in the client.
  • Disable SSL 3.0 support in the server.
  • Disable support for CBC-based cipher suites when using SSL 3.0 (in either client or server).
  • Implement the new SSL/TLS extension that detects when an active attacker is breaking connections to force your client and server down to SSL 3.0 even though both support TLS 1.0 or better. Both client and server must implement it for the protection to work.

Useful Links:
Full vulnerability disclosure
