POODLE SSL flaw is threatening also TLS Security Protocol

Pierluigi Paganini December 10, 2014

Researchers at Qualys revealed that POODLE is likely to hit some of the most popular websites because the flaw also affects implementations of newer TLS.

POODLE (Padding Oracle On Downgraded Legacy Encryption) is a critical vulnerability affecting SSL that was discovered in October 2014. The researchers at Google that discovered it, explained that the POODLE flaw is related to the extended support implemented by the majority of Web servers and Web browsers to the SSL version 3. The SSL version 3 protocol is used to secure communication channels despite it has been replaced by the Transport Layer Security (TLS).

Unfortunately SSLv3, unlike TLS 1.0 or newer, doesn’t perform validation of all data related every message sent over a secure channel, this circumstance allows a bad actor to decipher every single byte at time of the encrypted traffic and see it in clear text. Resuming, POODLE allowed attackers to intercept traffic between the user’s browser and the HTTPs website through a Man-in-the-Middle (MitM) attack causing the exposure of sensitive data.

Webmasters worldwide, after the alert issued by the Google’s research team, have patched their systems to fix the flaw, but POODLE is still scaring the security experts because the vulnerability also affects implementations of the newer Transport Layer Security (TLS) protocol.

“We’re removing SSLv3 in favor of TLS because TLS fully specifies the contents of the padding bytes and thus stops the attack. However, TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the paddingbytes but that wouldn’t cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections.” wrote Adam Langley in the post titled The POODLE Bites Again.

The news is disconcerting because the security industry believed that the TLS was immune, but POODLE is likely to affect some of the most popular websites, including those managed by government entities, financial institutions and private firms, including the Bank of America and Accenture.

The new vulnerability coded as CVE-2014-8730affects TLS version 1.2 which fails to handle padding, as explained by researchers at Qualys some implementation of the TLS protocol don’t check the padding structure after the description process.”

The vulnerability is considered critical, Qualys firm reports that it has been estimated that about 10 percent of the servers are vulnerable to the POODLE attack through TLS.

The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute–no need to downgrade modern clients down to SSL 3 first, TLS 1.2 will do just fine,” Ivan Ristic, Qualys’s director of application security research, reports in a blog post titled POODLE bites TLS.

The main target are browsers, because the attacker must inject malicious JavaScript to initiate the attack. A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical.

Qualys also provides a free online test that allows users to check if a system is affected by the vulnerability, SSL Server Test has been updated in order to detect the problem.

poodle test 2

Till now, security experts have discovered that load balancers and other network devices sold by the vendors F5 Networks and A10 Networks, which support TLS connections, are vulnerable to this variant of the PODDLE attack. F5 Networks confirmed that the F5 kit is vulnerable to the attack.

“F5 and A10 have posted patches for their products (F5’s are here and A10’s are here and they have an advisory here). I’m not completely sure that I’ve found every affected vendor but, now that this issue is public, any other affected products should quickly come to light.”

“Everything less than TLS 1.2 with an AEAD cipher suite is broken”, states Google’s Adam Langley “I’m not completely sure that I’ve found every affected vendor but, now that this issue is public, any other affected products should quickly come to light.”

Don’t waste time, check your website using the SSL Labs test and if vulnerable, apply the patch provided by the vendor.

Stay tuned for further information!

Pierluigi Paganini

(Security Affairs –  POODLE, TLS)



you might also like

leave a comment