The POODLE flaw in SSLv3 will allow an attacker to recover plaintext from ciphertexts encrypted using block ciphers in CBC mode, such as 3DES-CBC or AES-CBC, due to an insecure interaction between CBC and encryption padding.
Exploitation of this type of attack, known as a "padding oracle" attack, is realistically achievable without significant resources and would be targeted towards web clients in an attempt to harvest application secrets sent in HTTPS requests, such as passwords, 'secure' HTTP session cookies, and Authorization header values.
However, successful exploitation does require the following conditions to be met:
- SSL encrypted traffic between the client and server must be intercepted via man-in-the-middle attacks such as network or WiFi sniffing. Intercepted encrypted packets will later be used to recover the plaintext content.
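To make the "insecure interaction between CBC and encryption padding" concrete, the added example below (not part of the original advisory) contrasts how an SSLv3 receiver and a TLS receiver validate CBC padding after decryption; the record bodies are constructed, and the MAC check that would follow is omitted for brevity.

```python
# Added example, not from the original advisory. SSLv3 only checks the final
# padding-length byte; TLS 1.0+ checks every padding byte. Because the SSLv3
# MAC does not cover the padding either, garbage filler bytes are accepted as
# valid, which is the design property POODLE relies on and why no patch exists.
from typing import Optional

BLOCK_SIZE = 16  # AES-CBC block size in bytes


def sslv3_unpad(plaintext: bytes) -> Optional[bytes]:
    """SSLv3 rule: last byte L gives the pad length; the L filler bytes before
    it are NOT inspected. The only requirement is L < BLOCK_SIZE."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len >= BLOCK_SIZE or len(plaintext) < pad_len + 1:
        return None
    return plaintext[: -(pad_len + 1)]


def tls_unpad(plaintext: bytes) -> Optional[bytes]:
    """TLS 1.0+ rule: last byte L gives the pad length, and all L+1 padding
    bytes must equal L, so any corrupted filler byte is rejected."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if len(plaintext) < pad_len + 1:
        return None
    pad = plaintext[-(pad_len + 1):]
    if any(b != pad_len for b in pad):
        return None
    return plaintext[: -(pad_len + 1)]


# Constructed decrypted records: 17 bytes of data need 15 padding bytes
# (L = 14, plus the length byte itself) to fill the second 16-byte block.
DATA = b"GET / HTTP/1.1\r\n\r"           # 17 bytes
GOOD_RECORD = DATA + bytes([14]) * 15    # well-formed padding under both rules
GARBAGE_RECORD = DATA + b"\x00" * 14 + bytes([14])  # filler corrupted, L intact


def compare(record: bytes) -> dict:
    """Return what each protocol's receiver would accept for a given record."""
    return {"sslv3": sslv3_unpad(record), "tls": tls_unpad(record)}


if __name__ == "__main__":
    print("well-formed :", compare(GOOD_RECORD))
    print("garbage fill:", compare(GARBAGE_RECORD))
```

Under TLS the corrupted record is rejected outright, whereas under SSLv3 it decrypts to the same application data as the well-formed one, so the receiver cannot distinguish the two.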
As the POODLE vulnerability is inherent in the design of the SSLv3 protocol itself, it is unlikely that patches for any SSL implementation will be made available. The vulnerability can only be remediated by disabling support for SSLv3 CBC ciphers on at least one end of the SSL connection (i.e. the client or the server).
Unfortunately, because the remaining supported SSLv3 RC4 ciphers also exhibit cryptographic weaknesses that have long been demonstrated, it is strongly recommended that support for SSLv3 on affected web servers be fully disabled as soon as possible. This should not significantly impact the compatibility of hosted websites with modern web browsers, as stronger protocol versions should be available and supported (with the exception of IE6 on Windows XP clients).
Finally, to prevent attackers from downgrading secure connections initiated with more secure protocol alternatives such as TLS, consider enabling the TLS_FALLBACK_SCSV option available in OpenSSL 1.0.1j. This solution will cause the fewest issues for end users; however, it is not yet widely supported and may require upgrading web server components.
Please feel free to consult us, should you have any questions, or need advice about remediation for specific technologies.
For a more in-depth technical analysis we suggest the following links: