
10/15/2014
02:15 PM

'POODLE' Attacks, Kills Off SSL 3.0

A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.

Disable SSL 3.0 in browsers and servers: That's the recommendation of security experts in the wake of the discovery of a serious flaw in the nearly 15-year-old version of the encryption protocol. The flaw could allow an attacker to wage a man-in-the-middle attack against a user.

Google researchers announced late yesterday that they had discovered a vulnerability (CVE-2014-3566) in the older SSL (version 3) that could allow man-in-the-middle attacks on a user's encrypted web and other communications sessions. However, the so-called POODLE (Padding Oracle On Downgraded Legacy Encryption) attack would be tough to pull off, and the most likely scenario would be a determined attacker targeting a user or group of users, security experts say.

SSL 3.0 was replaced long ago by the newer Transport Layer Security (TLS) versions 1.0 and 1.2 in most SSL implementations, but the older version has been kept around mainly to support older client machines and legacy applications. Google now plans to remove SSL 3.0 altogether from its client software, including the Chrome browser, in the coming months. Mozilla says it will do so with Firefox on Nov. 25. According to some estimates, around 98% of websites still support SSL 3.0 for backward compatibility with older client machines and browsers.

But this is no Heartbleed vulnerability moment.

"It's not as bad as Heartbleed, but it's certainly real," says Dan Kaminsky, chief scientist at WhiteOps. The threat isn't fixable without disabling SSL 3.0, "but TLS has been out a long time, and the number of clients that can't speak it is small."

Ivan Ristic, director of engineering at Qualys and an SSL expert, concurs that POODLE is no Heartbleed. "It's a big problem, but it's not the end of the world," he says. "This is not an easy attack to carry out. It's an elaborate attack… There is a lot for the attacker to do to make it successful. The question is what's the motivation" to execute it.

According to security experts, the good news about POODLE is that it has sounded the death knell for the older version of the SSL protocol for encrypted communications. "It's very difficult to kill off old protocols," Ristic says. "It's very good to see" browser vendors and websites getting rid of SSL 3.0 because of it.

Google Security Team member Bodo Moller revealed the flaw in a blog post late yesterday after a flurry of industry speculation over whether yet another big Internet bug was in the wings. Most browsers are affected by the flaw because they still support SSL 3.0, and Google says it supports a mechanism called TLS_FALLBACK_SCSV that would prevent an attacker from exploiting the SSL 3.0 flaw, he wrote. Some websites will break as Google disables SSL 3.0, so those sites "will need to be updated quickly" to drop SSL 3.0 support.

The attack depends on SSL 3.0 support, and it is possible only when both the client and the server still accept SSL 3.0. POODLE forces the connection down to SSL 3.0, which it then exploits. The attack would work like this: an attacker injects malicious JavaScript into the victim's browser, for example via code planted on a non-encrypted website the user visits. With that script running and the attacker positioned as a man-in-the-middle on the connection, the attacker can ultimately grab the victim's cookies and credentials from the secured web session.
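As an added illustration (not code from the article, from Google, or from any browser), a small Python model of the fallback dance described above: a constructed interceptor drops every handshake above SSL 3.0, the client retries with lower versions, and the server refuses the downgrade when the retry carries the TLS_FALLBACK_SCSV signal. Version numbers, message shapes and alert names are simplified assumptions, not a real TLS implementation.

```python
"""Toy model of browser protocol fallback and the TLS_FALLBACK_SCSV guard.

Constructed for illustration: 'handshakes' are dicts, a server is a pair of
version bounds, and the network is a stand-in for a man-in-the-middle."""
from dataclasses import dataclass

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600  # cipher-suite value reserved for the signal (RFC 7507)


@dataclass
class Server:
    max_version: int = TLS12
    min_version: int = SSL3  # legacy default: still speaks SSL 3.0

    def server_hello(self, client_hello):
        """Return the negotiated version, or raise ValueError with the alert name."""
        ver = client_hello["version"]
        if ver < self.min_version:
            raise ValueError("protocol_version")  # SSL 3.0 disabled: no deal
        if TLS_FALLBACK_SCSV in client_hello["ciphers"] and ver < self.max_version:
            # Client says this is a retry at a lower version, yet we support a
            # higher one: something in the path forced the downgrade.
            raise ValueError("inappropriate_fallback")
        return min(ver, self.max_version)


@dataclass
class Network:
    """Constructed interceptor: drops every handshake above `allow_upto`."""
    allow_upto: int = TLS12  # TLS12 means an honest network, nothing dropped

    def deliver(self, server, client_hello):
        if client_hello["version"] > self.allow_upto:
            raise ConnectionResetError("handshake dropped")
        return server.server_hello(client_hello)


def connect(server, network, use_scsv):
    """Browser-style fallback: after a failed handshake, retry one version lower."""
    for attempt, ver in enumerate([TLS12, TLS11, TLS10, SSL3]):
        ciphers = [0x002F]  # placeholder AES cipher-suite id; irrelevant here
        if use_scsv and attempt > 0:
            ciphers.append(TLS_FALLBACK_SCSV)  # mark this hello as a retry
        try:
            return network.deliver(server, {"version": ver, "ciphers": ciphers})
        except ConnectionResetError:
            continue  # looks like a flaky network to the client: try lower
        except ValueError as alert:
            return alert.args[0]  # fatal alert from the server: stop here
    return "handshake_failure"
```

Without the signal the interceptor quietly lands the session on SSL 3.0 (the POODLE precondition); with it, or with SSL 3.0 disabled on the server, the downgrade ends in a fatal alert instead.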

"This is an attack on the client," Ristic says. It's similar to the BEAST man-in-the-middle attack from 2011. POODLE "has been known for a long time in one way or another. It was ignored because no one could see how it could be exploited" until now.

Karl Sigler, threat intelligence manager for Trustwave, notes that POODLE can work only if the victim is actively online and the attacker is physically near him or her, such as in a coffee shop or somewhere with public WiFi.

SSL-based VPN client software is not likely affected by POODLE, however. Ristic says he doesn't think the attack could be exploited on a VPN client. "And I wouldn't expect a modern VPN client to use SSL 3.0, anyway."

So why have SSL 3.0 at all? It has been kept alive mainly to support older client systems, such as Windows XP and Internet Explorer 6. The catch with disabling SSL 3.0, of course, is that IE6 users would be cut off -- something that is more of an issue overseas than in the US.

Meanwhile, SANS Internet Storm Center has set up an online POODLE test to see if your browser is vulnerable: A poodle pops up with a bubble screaming "Vulnerable!" if you are, and a Springfield terrier character pops up if you're not.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
GonzSTL
User Rank: Ninja
10/20/2014 | 11:22:56 AM
Re: protocols too old
What really gets me is that TLS was designed to replace SSL, and was introduced last century (I know that sounds really dramatic), and we still have systems that have not deprecated that protocol. I realize that systems security updates/upgrades may consume a great deal of internal resources, but in today's threat landscape, can we really afford not to do that? Have we not arrived at a point where systems operators must be nimble enough so that they can respond to security issues such as an insecure protocol in a timely fashion, before havoc breaks out? Timely is the keyword. SSL 3.0 was released in 1996; TLS 1.0 was defined in January 1999, TLS 1.1 in April 2006, and TLS 1.2 in August 2008. Here we are in 2014, still talking about deprecating SSL 3.0! The bad guys are laughing, and the good guys are scrambling. It should be the other way around.
Kelly Jackson Higgins
User Rank: Strategist
10/16/2014 | 4:38:32 PM
Re: Credit to Google...
...ah, but as for us journos, we're all cursing Google for those awful POODLE pun PR pitches that name has spawned.
Thomas Claburn
User Rank: Ninja
10/16/2014 | 4:33:59 PM
Credit to Google...
...for naming this POODLE. It's memorable enough to get people to pay attention.
Kelly Jackson Higgins
User Rank: Strategist
10/16/2014 | 8:54:03 AM
Re: protocols too old
I almost LOL'ed when I learned that the reason SSLv3 is still supported in many cases is for XP and IE6 users. <sigh>
securityaffairs
User Rank: Ninja
10/16/2014 | 5:43:39 AM
protocols too old
Comparing the extent of POODLE to Heartbleed or BashBug is absurd; anyway, this flaw raises once again the necessity to approach security by design.

Many protocols are very dated but still supported, like SSLv3; consider that the concept of security has evolved dramatically in the last 20 years. Supporting a dated protocol for which security requirements were totally different from actual needs enlarges our attack surface.

It is necessary to seriously consider a deep assessment of the most popular protocols and standards to avoid other clamorous cases.
Kelly Jackson Higgins
User Rank: Strategist
10/15/2014 | 4:42:11 PM
Re: Is it safe? Probably not
So the Metasploit module isn't out officially yet? I haven't seen anything on it if so.
theb0x
User Rank: Ninja
10/15/2014 | 4:41:02 PM
Re: Is it safe? Probably not
Unfortunately I can not publicly disclose that information at this time.
Kelly Jackson Higgins
User Rank: Strategist
10/15/2014 | 4:08:07 PM
Re: Is it safe? Probably not
If a Metasploit module is now out, then it's a bit more streamlined to pull off, for sure. But the attack still requires some proximity and targeting. Got a link to the Metasploit module by chance, @theb0x? Our commenting platform won't allow you to input a live link, but if you could provide the URL, that would be great. 

Thanks!
theb0x
User Rank: Ninja
10/15/2014 | 3:10:36 PM
Is it safe? Probably not.
"This is not an easy attack to carry out. It's an elaborate attack... There is a lot for the attacker to do to make it successful. The question is what's the motivation" to execute it.


This statement is completely misleading. Truth is it is an easy attack. The CVE-2014-3566 (Poodle SSL Vulnerability) PoC has already been released for Metasploit 4.10.0 (Update 2014101501).