Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which has been assigned CVE-2014-3566. The attack exploits a vulnerability in version three of the SSL protocol (SSLv3) when Cipher Block Chaining (CBC) mode ciphers are used. Despite SSL having been superseded by TLS, some TLS implementations retain backwards compatibility with SSLv3 to provide a smooth user experience when communicating with legacy systems.
The attack has some similarities to a previously identified attack known as BEAST (which was also a padding oracle attack); however, this attack is specific to SSLv3.
When determining which protocol to use, TLS clients offer the highest version they support. If that handshake fails, the client retries with earlier protocol versions. Where an attacker is able to modify messages passing between a client and server, handshake packets can be dropped until the client offers SSLv3. This forces the client and server to fall back to SSLv3, leaving the client vulnerable to the POODLE attack. If exploited, the vulnerability allows an attacker to decrypt parts of the encrypted stream and recover clear-text HTTP values that were previously thought to be secure, such as secure (HTTPS-only) authentication cookies.
So what does this mean? What will it affect? The answer is that anything that makes use of SSLv3 will be affected.
Due to the requirement for the attacker to control the sender’s requests, the most likely target for attack will be web applications accessed over a “malicious” wireless network, although it is important to remember that attackers (particularly those that are state sponsored) can potentially control hijacked physical connections and that many binary applications, particularly those in the mobile space, utilise web views for the purpose of rendering content.
There are a number of possible mitigations for this issue, although care should be taken to ensure that other issues are not introduced. The advice given in our SSL good practice guide still applies and mitigates this attack, even though it was written before the attack was publicly released.
Additionally, our SSL Cipher Suite Enum tool has been updated to detect where servers may be vulnerable to the POODLE attack.
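As an added illustration (not the Portcullis tool and not code from the original post), the check below parses a ServerHello record and flags the SSLv3-plus-CBC combination this post describes. The short cipher-suite map, the sample records and the function names are constructed for the example.

```python
import struct

# Constructed subset of CBC cipher suites by IANA code point; a real scanner
# would consult the full registry. Assumption made for this example.
CBC_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}


def parse_server_hello(record: bytes) -> dict:
    """Parse one handshake record carrying a ServerHello (no extensions needed)."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x02:        # 0x02 = ServerHello
        raise ValueError("not a complete ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) != hs_len:
        raise ValueError("truncated ServerHello")
    version = (hs[0], hs[1])                           # server_version
    sid_len = hs[34]                                   # after 32-byte random
    off = 35 + sid_len
    cipher = struct.unpack(">H", hs[off:off + 2])[0]   # negotiated suite
    return {"version": VERSIONS.get(version, str(version)), "cipher": cipher}


def poodle_exposed(record: bytes) -> bool:
    """True when the server negotiated SSLv3 with a CBC suite (POODLE conditions)."""
    info = parse_server_hello(record)
    return info["version"] == "SSLv3" and info["cipher"] in CBC_SUITES


def build_server_hello(version, cipher, session_id=b"") -> bytes:
    """Build a constructed ServerHello record for testing (not captured traffic)."""
    hs = (bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
          + struct.pack(">H", cipher) + b"\x00")       # null compression
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16" + bytes(version) + struct.pack(">H", len(body)) + body


if __name__ == "__main__":
    for ver, suite in (((3, 0), 0x002F), ((3, 3), 0x002F), ((3, 0), 0x0005)):
        rec = build_server_hello(ver, suite)
        print(parse_server_hello(rec), "POODLE exposed:", poodle_exposed(rec))
```

The first sample (SSLv3 with AES-128-CBC) is flagged; the TLS 1.2 sample and the SSLv3 sample with a non-CBC suite are not, since the post's condition is specifically SSLv3 combined with a CBC cipher.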
A more technical update can be found on our Labs site https://labs.portcullis.co.uk