GDS Labs Alerts are sent when our research team have cutting edge research, or breaking news on newly discovered vulnerabilities.
GDS Labs Alert - SSL v3 "POODLE" Vulnerability. CVE-2014-3566

What is "POODLE"?

Yesterday Google announced the discovery of POODLE, a critical design flaw within the obsolete SSLv3 protocol. While this vulnerability is not nearly as severe as the recent Heartbleed or Shellshock, it is still a critical issue of which GDS clients should be aware. 

Impact

The POODLE flaw in SSLv3 will allow an attacker to recover plaintext from ciphertexts encrypted using block ciphers in CBC mode, such as 3DES-CBC or AES-CBC, due to an insecure interaction between CBC and encryption padding.

This type of attack, known as a "padding oracle" attack, is realistically achievable without significant resources. It would be targeted at web clients in an attempt to harvest application secrets sent in HTTPS requests, such as passwords, 'secure' HTTP session cookies, and Authorization header values.

However, successful exploitation does require the following conditions to be met:

  • SSL encrypted traffic between the client and server must be intercepted via man-in-the-middle attacks such as network or WiFi sniffing. Intercepted encrypted packets will later be used to recover the plaintext content.
  • JavaScript must run in the client’s browser in order to generate and serve the attack payload. Other network services integrating SSLv3 transport protection mechanisms (e.g. SMTP, FTP, etc) should therefore not be impacted.
Remediation

As the POODLE vulnerability is inherent in the design of the SSLv3 protocol itself, it is unlikely that patches for any SSL implementation will be made available. The vulnerability can only be remediated by disabling support for SSLv3 CBC ciphers on at least one end of the SSL connection (i.e. the client or the server).

Unfortunately, because the remaining supported SSLv3 RC4 ciphers also exhibit cryptographic weaknesses that have long been demonstrated, it is strongly recommended that support for SSLv3 on affected web servers be fully disabled as soon as possible. This should not significantly impact the compatibility of hosted websites with modern web browsers, as stronger protocol versions should be available and supported (with the exception of IE6 on Windows XP clients).

Finally, to prevent attackers from downgrading secure connections initiated with more secure protocol alternatives such as TLS, consider enabling the TLS_FALLBACK_SCSV option available in OpenSSL 1.0.1j. This solution will cause the fewest issues for end users; however, it is not yet widely supported and may require upgrading web server components.
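As an added example (not part of the original GDS alert), the check a defender can run over captured handshakes to see whether the two remediations above have taken effect: a small Python parser that reads a raw ClientHello record and reports whether the client offered SSLv3, whether it offered CBC cipher suites, and whether it signalled TLS_FALLBACK_SCSV. The sample ClientHellos are constructed inline; the parser assumes an unfragmented handshake record as captured from the wire.

```python
import struct

SSLV3 = 0x0300
TLS_FALLBACK_SCSV = 0x5600  # signalling cipher suite value from OpenSSL 1.0.1j / RFC 7507
# A few well-known CBC suite identifiers, enough to illustrate the check
CBC_SUITES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
              0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
              0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Return the ClientHello fields relevant to POODLE: the version the
    client asked for, its cipher suites, and whether fallback was signalled."""
    if len(record) < 5 or record[0] != 0x16:          # content type 22 = handshake
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:              # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    client_version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                                      # skip the 32-byte client random
    sid_len = hello[pos]
    pos += 1 + sid_len                                # skip the session id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {"client_version": client_version,
            "cipher_suites": suites,
            "offers_sslv3": client_version == SSLV3,
            "cbc_suites": [CBC_SUITES[s] for s in suites if s in CBC_SUITES],
            "fallback_scsv": TLS_FALLBACK_SCSV in suites}

def build_client_hello(version: int, suites: list) -> bytes:
    """Constructed sample ClientHello (no extensions), used only to exercise the parser."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32)     # version + all-zero random
             + b"\x00"                                  # empty session id
             + struct.pack("!H", len(cs)) + cs          # cipher suites
             + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    # A client that has fallen back to SSLv3 with CBC suites and no SCSV is exposed
    print(parse_client_hello(build_client_hello(SSLV3, [0x000A, 0x002F, 0x0005])))
    # A client retrying at TLS 1.2 and signalling SCSV lets a patched server refuse the downgrade
    print(parse_client_hello(build_client_hello(0x0303, [0x002F, TLS_FALLBACK_SCSV])))
```

A server log that still shows ClientHellos with client_version 0x0300 after the change indicates the SSLv3 disablement has not reached that listener.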

Please feel free to consult us, should you have any questions, or need advice about remediation for specific technologies.

For a more in-depth technical analysis we suggest the following links:

Copyright © 2014 Gotham Digital Science LLC, All rights reserved.