10/15/2014 02:15 PM

'POODLE' Attacks, Kills Off SSL 3.0

A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.

Disable SSL 3.0 in browsers and servers: That's the recommendation of security experts in the wake of the discovery of a serious flaw in the nearly 15-year-old version of the encryption protocol. The flaw could allow an attacker to wage a man-in-the-middle attack against a user.

Google researchers announced late yesterday that they had discovered a vulnerability (CVE-2014-3566) in the older SSL (version 3) that could allow man-in-the-middle attacks on a user's encrypted web and other communications sessions. However, the so-called POODLE (Padding Oracle On Downgraded Legacy Encryption) attack would be tough to pull off, and the most likely scenario would be a determined attacker targeting a user or group of users, security experts say.

SSL 3.0 was replaced long ago by the newer Transport Layer Security (TLS) versions 1.0 and 1.2 in most SSL implementations, but the older version has been kept around mainly to support older client machines and legacy applications. Google now plans to remove SSL 3.0 altogether from its client software, including the Chrome browser, in the coming months. Mozilla says it will do so with Firefox on Nov. 25. According to some estimates, around 98% of websites still support SSL 3.0 for backward compatibility with older client machines and browsers.

But this is no Heartbleed vulnerability moment.

"It's not as bad as Heartbleed, but it's certainly real," says Dan Kaminsky, chief scientist at White Ops. The threat isn't fixable without disabling SSL 3.0, "but TLS has been out a long time, and the number of clients that can't speak it is small."

Ivan Ristic, director of engineering at Qualys and an SSL expert, concurs that POODLE is no Heartbleed. "It's a big problem, but it's not the end of the world," he says. "This is not an easy attack to carry out. It's an elaborate attack… There is a lot for the attacker to do to make it successful. The question is what's the motivation" to execute it.

According to security experts, the good news about POODLE is that it has sounded the death knell for the older version of the SSL protocol for encrypted communications. "It's very difficult to kill off old protocols," Ristic says. "It's very good to see" browser vendors and websites getting rid of SSL 3.0 because of it.

Google Security Team member Bodo Moller revealed the flaw in a blog post late yesterday after a flurry of industry speculation over whether yet another big Internet bug was in the wings. Most browsers are affected by the flaw because they still support SSL 3.0, and Google says it supports a mechanism called TLS_FALLBACK_SCSV that would prevent an attacker from exploiting the SSL 3.0 flaw, he wrote. Some websites will break as Google disables SSL 3.0, so those sites "will need to be updated quickly" to drop SSL 3.0 support.

The attack is possible only because SSL 3.0 is still supported, and only when both the client and the server include support for it: POODLE forces the connection down to SSL 3.0, which it then exploits. The attack would work like this: An attacker injects malicious JavaScript into the victim's browser, for example via code planted on a non-encrypted website the user visits. Once that script is running in the browser, the attacker can execute a man-in-the-middle attack, ultimately grabbing the victim's cookies and credentials from the secured web session.
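The two points above, the forced downgrade and the TLS_FALLBACK_SCSV countermeasure, can be seen in a small model. This is an added illustration, not code from the article or from Google; only the version numbers and the SCSV cipher-suite value are the real ones, while the Server, Network and client classes are simplified stand-ins for the actual handshake.

```python
# Added illustration, not code from the article or from Google: a toy model of the
# browser "downgrade dance" POODLE relies on and of the TLS_FALLBACK_SCSV check that
# stops it. Version numbers and the SCSV value are real; the rest is a stand-in.

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600  # cipher-suite value defined by RFC 7507
AES128_SHA = 0x002F         # ordinary cipher suite used as filler

class HandshakeError(Exception):
    pass

class Server:
    """Accepts [min_version, max_version]; 'intolerant' = aborts on unknown higher versions."""
    def __init__(self, max_version, min_version=SSL3,
                 honours_scsv=False, intolerant=False):
        self.max, self.min = max_version, min_version
        self.honours_scsv, self.intolerant = honours_scsv, intolerant

    def handshake(self, client_version, cipher_suites):
        if client_version < self.min:
            raise HandshakeError("protocol_version")
        if self.intolerant and client_version > self.max:
            raise HandshakeError("handshake_failure")
        # RFC 7507: a flagged retry offering less than we support means interference.
        if (self.honours_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and client_version < self.max):
            raise HandshakeError("inappropriate_fallback")
        return min(client_version, self.max)

class Network:
    """Path to the server; block_above models a man-in-the-middle resetting higher versions."""
    def __init__(self, server, block_above=None):
        self.server, self.block_above = server, block_above

    def connect(self, version, cipher_suites):
        if self.block_above is not None and version > self.block_above:
            raise HandshakeError("connection reset")
        return self.server.handshake(version, cipher_suites)

def connect_with_fallback(network, send_scsv=False,
                          versions=(TLS12, TLS11, TLS10, SSL3)):
    """Browser-style client: retry with the next lower version after a failure.
    Returns the negotiated version, or None if every attempt failed."""
    for attempt, version in enumerate(versions):
        suites = [AES128_SHA]
        if send_scsv and attempt > 0:  # flag every retry as a fallback
            suites.append(TLS_FALLBACK_SCSV)
        try:
            return network.connect(version, suites)
        except HandshakeError:
            continue
    return None
```

With an attacker resetting every handshake above SSL 3.0, a client without the SCSV, or an SCSV-sending client talking to a server that ignores it, ends up on SSL 3.0, which is exactly the state POODLE needs; the downgrade is refused only when the client flags the retry and the server honours the flag, or when the server has dropped SSL 3.0 altogether. The model also shows that a legitimate retry against an old, version-intolerant TLS 1.0 server still succeeds, so the SCSV does not break real legacy servers.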

"This is an attack on the client," Ristic says. It's similar to the BEAST man-in-the-middle attack from 2011. POODLE "has been known for a long time in one way or another. It was ignored because no one could see how it could be exploited" until now.

Karl Sigler, threat intelligence manager for Trustwave, notes that POODLE can work only if the victim is actively online and the attacker is physically near him or her, such as in a coffee shop or somewhere with public WiFi.

SSL-based VPN client software is not likely affected by POODLE, however. Ristic says he doesn't think the attack could be exploited on a VPN client. "And I wouldn't expect a modern VPN client to use SSL 3.0, anyway."

So why have SSL 3.0 at all? It has been kept alive mainly to support older client systems, such as Windows XP and Internet Explorer 6. The catch with disabling SSL 3.0, of course, is that IE6 users would be cut off -- something that is more of an issue overseas than in the US.

Meanwhile, SANS Internet Storm Center has set up an online POODLE test to see if your browser is vulnerable: A poodle pops up with a bubble screaming "Vulnerable!" if you are, and a Springfield terrier character pops up if you're not.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
GonzSTL,
User Rank: Ninja
10/20/2014 | 11:22:56 AM
Re: protocols too old
What really gets me is that TLS was designed to replace SSL, and was introduced last century (I know that sounds really dramatic), and we still have systems that have not deprecated that protocol. I realize that systems security updates/upgrades may consume a great deal of internal resources, but in today's threat landscape, can we really afford not to do that? Have we not arrived at a point where systems operators must be nimble enough so that they can respond to security issues such as an insecure protocol in a timely fashion, before havoc breaks out? Timely is the keyword. SSL 3.0 was released in 1996; TLS 1.0 was defined in January 1999, TLS 1.1 in April 2006, and TLS 1.2 in August 2008. Here we are in 2014, still talking about deprecating SSL 3.0! The bad guys are laughing, and the good guys are scrambling. It should be the other way around.
Kelly Jackson Higgins,
User Rank: Strategist
10/16/2014 | 4:38:32 PM
Re: Credit to Google...
...ah, but as for us journos, we're all cursing Google for those awful POODLE pun PR pitches that name has spawned.
Thomas Claburn,
User Rank: Ninja
10/16/2014 | 4:33:59 PM
Credit to Google...
...for naming this POODLE. It's memorable enough to get people to pay attention.
Kelly Jackson Higgins,
User Rank: Strategist
10/16/2014 | 8:54:03 AM
Re: protocols too old
I almost LOL'ed when I learned that the reason SSLv3 is still supported in many cases is for XP and IE6 users. <sigh>
securityaffairs,
User Rank: Ninja
10/16/2014 | 5:43:39 AM
protocols too old
Comparing the extent of POODLE to Heartbleed or BashBug is absurd; anyway, this flaw raises once again the necessity to approach security by design.

Many protocols are very dated but still supported, like SSLv3; consider that the concept of security has evolved in the last 20 years in a dramatic way. Supporting a dated protocol for which the security requirements were totally different from actual needs enlarges our attack surface.

It is necessary to seriously consider a deep assessment of the most popular protocols and standards to avoid other clamorous cases.
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 4:42:11 PM
Re: Is it safe? Probably not
So the Metasploit module isn't out officially yet? I haven't seen anything on it if so.
theb0x,
User Rank: Ninja
10/15/2014 | 4:41:02 PM
Re: Is it safe? Probably not
Unfortunately I can not publicly disclose that information at this time.
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 4:08:07 PM
Re: Is it safe? Probably not
If a Metasploit module is now out, then it's a bit more streamlined to pull off, for sure. But the attack still requires some proximity and targeting. Got a link to the Metasploit module by chance, @theb0x? Our commenting platform won't allow you to input a live link, but if you could provide the URL, that would be great. 

Thanks!
theb0x,
User Rank: Ninja
10/15/2014 | 3:10:36 PM
Is it safe? Probably not.
"This is not an easy attack to carry out. It's an elaborate attack... There is a lot for the attacker to do to make it successful. The question is what's the motivation" to execute it.

This statement is completely misleading. Truth is it is an easy attack. The CVE-2014-3566 (Poodle SSL Vulnerability) PoC has already been released for Metasploit 4.10.0 (Update 2014101501).