Admins can check if the flaw impacts their servers

Dec 9, 2014 14:00 GMT

The vulnerability in the SSL 3.0 communication protocol exploited through the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack also affects certain TLS (Transport Layer Security) implementations.

In mid-October, Google security researchers published details of a method that allows an attacker to decrypt sensitive information, such as authentication cookies, sent over an SSL 3.0 connection.

The attack requires the threat actor to sit between the client and the HTTPS server, force the connection down to SSL 3.0, and then exploit a weakness of SSL 3.0's CBC-mode (cipher-block chaining) cipher suites: the padding added before encryption is not covered by the MAC, and only the final padding-length byte is checked on decryption, so the server's accept/reject behaviour becomes a padding oracle that leaks one plaintext byte per roughly 256 attempts.

Some load balancers are affected

It was believed that POODLE affected only SSL 3.0, but Google security engineer Adam Langley has found that the issue extends to TLS implementations that reuse an SSL 3.0-style record decoding routine and therefore never check the padding bytes.

Older versions of NSS (Network Security Services), Mozilla’s cryptographic library employed in different products of the company, including Firefox, are affected by the problem, and so are other products, as Google’s Adam Langley discovered by using a scanner he built.

He found that websites, some of them administered by Bank of America, with load balancing devices from F5 Networks and A10 Networks were vulnerable.

The difference between the two protocols is small but decisive. In SSL 3.0 the values of the padding bytes are left unspecified, so a decoder can only use the final padding-length byte. TLS requires every padding byte to equal the padding length, and a correct implementation rejects the record otherwise. A TLS stack that inherited the SSL 3.0 decoding function skips that check, so an attacker who moves a chosen ciphertext block into the final (all-padding) position of a record gets the same accept/reject oracle as in the original POODLE attack, without any downgrade.
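The following is an added example, not code from the article or from any of the vendors it names. It models a MAC-then-pad-then-encrypt CBC record as used by SSL 3.0 and TLS, exposes an accept/reject oracle in two flavours (an SSL 3.0-style decoder that looks only at the length byte, and a TLS decoder that checks every padding byte), and runs the block-copying POODLE step against both. The block cipher is a toy 16-byte Feistel construction over SHA-256 so the example runs with the standard library alone (it stands in for AES and is an assumption of this example, not a real cipher), and the keys, IVs and the cookie-like plaintext are constructed sample values.

```python
import hashlib
import hmac
import random

BLOCK = 16      # block size in bytes
MAC_LEN = 16    # truncated HMAC tag appended to each record

# --- Toy 16-byte block cipher: a 4-round Feistel network keyed through SHA-256.
# Assumption of this example so it runs offline; it is NOT a real cipher. ---
def _round(half: bytes, key: bytes, r: int) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(right, key, r)))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(left, key, r))), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev)))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(block_decrypt(key, c), prev))
        prev = c
    return out

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def seal_record(enc_key: bytes, mac_key: bytes, iv: bytes, data: bytes) -> bytes:
    """MAC-then-pad-then-encrypt, as in SSL 3.0 / TLS CBC records."""
    body = data + mac(mac_key, data)
    pad_len = BLOCK - 1 - (len(body) % BLOCK)        # padding bytes before the length byte
    # TLS fills every padding byte with pad_len; SSL 3.0 leaves them unspecified.
    body += bytes([pad_len] * pad_len) + bytes([pad_len])
    return cbc_encrypt(enc_key, iv, body)

def open_record(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes, strict_padding: bool) -> bool:
    """The oracle: True if the receiver accepts the record.
    strict_padding=False mimics an SSL 3.0-style decoder (only the length byte matters);
    strict_padding=True mimics a correct TLS decoder (every padding byte must equal it)."""
    body = cbc_decrypt(enc_key, iv, ct)
    pad_len = body[-1]
    if pad_len >= BLOCK or pad_len + 1 + MAC_LEN > len(body):
        return False
    if strict_padding and any(b != pad_len for b in body[-1 - pad_len:-1]):
        return False
    body = body[:len(body) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, mac(mac_key, data))

def poodle_last_byte(enc_key, mac_key, data, target_block, strict_padding, max_tries=20000, seed=1):
    """POODLE block-copy step. Attacker model: the victim re-encrypts the same record
    under a fresh IV on every try (as a browser re-sending a request does), the
    attacker replaces the final, all-padding ciphertext block with block
    `target_block` (1-based) and observes only accept/reject.
    Returns the last plaintext byte of the target block, or None if never accepted."""
    assert (len(data) + MAC_LEN) % BLOCK == 0, "last block must be entirely padding"
    rng = random.Random(seed)
    for _ in range(max_tries):
        iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        ct = seal_record(enc_key, mac_key, iv, data)
        blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]  # [IV, C1..Cn]
        forged = blocks[1:-1] + [blocks[target_block]]                         # C1..C(n-1), Ci
        if open_record(enc_key, mac_key, iv, b"".join(forged), strict_padding):
            # Accepted only when D(Ci) ^ C(n-1) ends in BLOCK-1, and D(Ci) = Pi ^ C(i-1),
            # so Pi[15] = (BLOCK-1) ^ C(n-1)[15] ^ C(i-1)[15].
            return (BLOCK - 1) ^ blocks[-2][-1] ^ blocks[target_block - 1][-1]
    return None

if __name__ == "__main__":
    enc_key, mac_key = b"k" * 16, b"m" * 16                    # constructed keys
    cookie = b"Cookie: session=" + b"S3CR3T-T0K3N-ABC"         # constructed plaintext (2 blocks)
    print("SSL3-style decoder leaks byte:", poodle_last_byte(enc_key, mac_key, cookie, 2, False))
    print("TLS decoder leaks byte:", poodle_last_byte(enc_key, mac_key, cookie, 2, True, max_tries=3000))
```

The loose decoder gives up the last byte of the chosen block after about 256 re-sent records on average; the strict decoder rejects every forged record, because a copied block would have to decrypt to sixteen bytes of 0x0F, not one. The real attack recovers the remaining bytes of a block by shifting the request so each byte in turn lands in the last position, which this example leaves out.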

F5 and A10 are the vendors with vulnerable products identified by Langley, but the security engineer believes that others may also be affected.

“F5 have posted patches for their products and A10 should be releasing updates today. I'm not completely sure that I've found every affected vendor, but now that this issue is public, any other affected products should quickly come to light,” he wrote in a blog post on Monday.

Free vulnerability scanner available

Ivan Ristic from Qualys points out that, in the case of TLS, the attack is easier to carry out because there is no longer any need to downgrade the connection to SSL 3.0: the vulnerable padding check is reached under TLS itself.

Most services have already taken steps to phase out SSL 3.0. The process cannot be completed at once, and as a precaution against POODLE, many clients and servers now implement TLS_FALLBACK_SCSV, a signalling cipher suite value with which a client marks a retried, downgraded handshake so that a server can reject a downgrade the client did not genuinely need.

SSL 3.0 will no longer be supported by Google Chrome 40, while Mozilla has already removed it in Firefox 34.

A free service from Qualys (the SSL Labs server test) lets web administrators check whether their servers and/or load balancers are vulnerable to POODLE, against both SSL 3.0 and TLS. If the result is positive, they should obtain the patch from the vendor and apply it.

[Image gallery: POODLE on TLS (5 images). Captions: "Some TLS implementations are vulnerable to POODLE attack"; "Overall rating for servers administered by Bank of America downgraded to F"; "Bank of America website vulnerable to POODLE attack against TLS".]