POODLE vulnerability

Overview

We regularly receive reports from AusCERT of webservers that are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. This attack may lead to decryption of HTTPS connections between clients (e.g. your users' web browsers) and your web servers by exploiting a weakness in SSL3.0 with cipher-block chaining (CBC) mode ciphers enabled [1][2].

In simple terms, third parties may be able to steal confidential information (such as users' passwords) sent over supposedly secure HTTPS connections between your users' web browsers and your web services.

Checking to see if you are vulnerable

From a Linux / Mac OSX system with the "openssl" tool installed, run this command:

    openssl s_client -ssl3 -connect <IP>:443

If the connection succeeds (i.e. the command stays connected and shows session details rather than immediately failing back to the command prompt), then SSL 3.0 has not been disabled, and your server is (still) vulnerable.

If you see a message like "139887533565592:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878", that means that your "openssl" tool has been built with SSLv3 disabled. You need to try a different approach for checking for the vulnerability.

Other ways of checking are described in the AusCERT FAQs.

Recommended mitigation(s)

The US-CERT has given the following mitigations to the POODLE problem [2]:

There is currently no fix for the vulnerability in SSL 3.0 itself, as the issue
is fundamental to the protocol; however, disabling SSL 3.0 support in 
system/application configurations is the most viable solution currently 
available.

Some of the same researchers that discovered the vulnerability also developed a
fix for one of the prerequisite conditions; TLS_FALLBACK_SCSV is a protocol
extension that prevents MITM attackers from being able to force a protocol
downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their latest
versions and recommend the following upgrades: [1]

        OpenSSL 1.0.1 users should upgrade to 1.0.1j.
        OpenSSL 1.0.0 users should upgrade to 1.0.0o.
        OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade
attacks.

A search for CVE-2014-3566 on our website will also give a list of products 
that have had patches released [3].
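The following script is an added example, not part of this article or of the openssl tool. It wraps the "openssl s_client -ssl3" check from the "Checking to see if you are vulnerable" section and the verification you want after applying the mitigation above: it classifies the tool's output so that the "null ssl method passed" case (a local openssl built without SSLv3) is reported as inconclusive rather than mistaken for a fixed server, and it also probes TLSv1.2 so you can confirm that disabling SSL 3.0 did not break TLS. The function names, the TLSv1.2 companion probe and the "unknown option" pattern for newer openssl builds are assumptions of this example; the exact error wording varies between OpenSSL versions.

```sh
#!/bin/sh
# Added example (not from the AusCERT article): probe a server with
# `openssl s_client` for SSLv3 and TLSv1.2 and turn the raw results into a
# POODLE verdict, treating a local openssl without SSLv3 support as
# INCONCLUSIVE instead of as "not vulnerable".
# Assumption: the "nknown option" pattern is a guess at the message newer
# openssl builds print when -ssl3 has been compiled out.

# classify_probe STATUS OUTPUT PROTOCOL
#   STATUS   exit status of openssl s_client
#   OUTPUT   its combined stdout and stderr
#   PROTOCOL protocol name as s_client prints it, e.g. SSLv3 or TLSv1.2
# Prints ACCEPTED (server negotiated PROTOCOL), REFUSED (handshake failed)
# or INCONCLUSIVE (the local tool cannot speak PROTOCOL at all).
classify_probe() {
    status="$1"; output="$2"; proto="$3"
    case "$output" in
        *"null ssl method passed"*|*"nknown option"*)
            echo INCONCLUSIVE; return 0 ;;
    esac
    if [ "$status" -eq 0 ] && printf '%s\n' "$output" | grep -q "Protocol *: *$proto"; then
        echo ACCEPTED
    else
        echo REFUSED
    fi
}

# poodle_verdict SSL3_RESULT TLS12_RESULT
#   VULNERABLE        SSLv3 still accepted (CVE-2014-3566 applies)
#   MITIGATED         SSLv3 refused and TLSv1.2 still works
#   TLS_PROBE_FAILED  SSLv3 refused but TLSv1.2 also refused: check the
#                     server's TLS configuration, the fix may have gone too far
#   INCONCLUSIVE      the local tool could not run a probe; use another checker
poodle_verdict() {
    case "$1:$2" in
        ACCEPTED:*)        echo VULNERABLE ;;
        *INCONCLUSIVE*)    echo INCONCLUSIVE ;;
        REFUSED:ACCEPTED)  echo MITIGATED ;;
        *)                 echo TLS_PROBE_FAILED ;;
    esac
}

# probe HOST PORT FLAG PROTOCOL: run the article's openssl command for one
# protocol version; "Q" on stdin closes the session so the command returns.
probe() {
    out=$(printf 'Q\n' | openssl s_client "$3" -connect "$1:$2" 2>&1)
    classify_probe "$?" "$out" "$4"
}

# check_poodle HOST [PORT]: end-to-end check against a live server.
check_poodle() {
    host="$1"; port="${2:-443}"
    ssl3=$(probe "$host" "$port" -ssl3 SSLv3)
    tls12=$(probe "$host" "$port" -tls1_2 TLSv1.2)
    poodle_verdict "$ssl3" "$tls12"
}

# usage: check_poodle www.example.org 443
```

Run check_poodle against each HTTPS endpoint you own; only MITIGATED means the server refuses SSL 3.0 while still serving TLS. An INCONCLUSIVE result says nothing about the server and calls for one of the other checking methods from the AusCERT FAQs.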

References
[1] https://www.auscert.org.au/20873
[2] https://www.us-cert.gov/ncas/alerts/TA14-290A
[3] https://www.auscert.org.au/search.html?search_keywords=CVE-2014-3566

Additional information on the POODLE attack may be found at: 
[4] https://www.openssl.org/~bodo/ssl-poodle.pdf
[5] https://www.imperialviolet.org/2014/12/08/poodleagain.html
[6] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
[7] https://www.tinfoilsecurity.com/blog/how-to-fix-poodle-and-why-you-are-probably-still-vulnerable
