“POODLE” SSL v3 Vulnerability October 16, 2014

A vulnerability has been reported in SSL version 3.0, one of the common protocols used to secure Internet traffic. Also known as POODLE (Padding Oracle On Downgraded Legacy Encryption), the vulnerability could allow an attacker to compromise the encrypted communication between a client (e.g. web browser) and a server (e.g. web site) that have negotiated SSL v3 as their encryption protocol. For more information about this vulnerability, please see:

Severity

Medium

  • Risk: Low
    • The exploit requires the attacker to establish a Man in the Middle position between client and server, which is fairly sophisticated to do
    • The exploit works only if SSL v3 is enabled on both the client and the server, and only if the two actually negotiate down to SSL v3
  • Impact: High
    • Once the connection is compromised, the attacker can recover the plain text of the encrypted traffic between server and client

Impacted Systems

  • Any system that has SSL v3 enabled

Recommendation

Please refer to the Information Security Standards #16 – Cryptographic Controls:
http://cio.ubc.ca/security-standards-home/information-security-policy-standards-and-resources

Unlike the Heartbleed and bash vulnerabilities, which were server-side issues, POODLE can be prevented on the server side and on the client side.

  • Server side:
    • Disable SSL v3, and use the newer TLS protocol instead. Refer to the vendor instructions on how to disable SSL v3
  • Client side:
    • Disable SSL v3, and use the newer TLS protocol instead. Refer to the vendor instructions on how to disable SSL v3; the Useful Links at the end of this document cover some of the common browsers

Vulnerability Detection

Server side:

  • Use OpenSSL s_client to remotely detect if the server supports SSL v3:
    • Command:
      openssl s_client -connect <server>:<port> -ssl3
      If the connection succeeds, SSL v3 is enabled. If it fails, it is disabled. When it fails, you will see something like:
      error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
    • Example (run from the OpenSSL bin directory on Windows):
      C:\OpenSSL\bin>openssl s_client -connect www.redhat.com:443 -ssl3
      If SSL v3 is disabled, an error similar to the following will be returned:
      1432:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1256
  • Use the following script (pass the host as the first argument and the port as the second; they default to the local hostname and 443):
    #!/bin/bash
    # Open an SSL v3-only connection and capture s_client's output; "Q" closes the session.
    ret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)
    if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
        # s_client reports cipher 0000 when no SSL v3 cipher suite was agreed
        if echo "${ret}" | grep -q 'Cipher.*0000'; then
            echo "SSL 3.0 disabled"
        else
            echo "SSL 3.0 enabled"
        fi
    else
        echo "SSL disabled or other error"
    fi
    The script prints ‘SSL 3.0 enabled’ if the server is vulnerable and ‘SSL 3.0 disabled’ if it is not.
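When scanning many hosts it helps to separate the classification of s_client's output from the network probe, so the logic can be checked offline and so a server that refused SSL v3 is not confused with a scanning host whose own OpenSSL was built without SSL v3 support (such a build cannot test anything and reports the option as unknown). The script below is an added example, not part of the original advisory; the sample output lines it is exercised with are constructed, and the "unknown option" wording assumed for an OpenSSL without -ssl3 should be checked against your own binary.

```shell
#!/bin/sh
# Added example (not from the original advisory): classify "openssl s_client -ssl3"
# output into four outcomes instead of the three the advisory's script reports:
#   enabled     - server completed an SSL 3.0 handshake (vulnerable)
#   disabled    - server refused SSL 3.0 (handshake failure or cipher 0000)
#   unsupported - local OpenSSL lacks SSL 3.0, result is inconclusive (assumption:
#                 such builds print an "unknown option" message for -ssl3)
#   error       - timeout, DNS failure, closed port, etc.

classify_ssl3_output() {
    # $1: combined stdout+stderr of one s_client run
    out="$1"
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo "unsupported"
    elif printf '%s\n' "$out" | grep -q 'Protocol.*SSLv3'; then
        # Old s_client prints the session block even on failure, with cipher 0000
        if printf '%s\n' "$out" | grep -q 'Cipher.*0000'; then
            echo "disabled"
        else
            echo "enabled"
        fi
    elif printf '%s\n' "$out" | grep -q 'sslv3 alert handshake failure'; then
        echo "disabled"
    else
        echo "error"
    fi
}

probe_ssl3() {
    # $1: host, $2: port (default 443). Needs network access; stderr is kept
    # because the "unknown option" message goes there.
    out=$(echo Q | timeout 5 openssl s_client -connect "$1:${2:-443}" -ssl3 2>&1)
    classify_ssl3_output "$out"
}

scan_targets() {
    # Each argument is host or host:port; prints one result line per target.
    for target in "$@"; do
        host=${target%%:*}
        port=${target#*:}
        [ "$port" = "$target" ] && port=443
        printf '%s:%s SSL3 %s\n' "$host" "$port" "$(probe_ssl3 "$host" "$port")"
    done
}

# Only scan when targets are given, so the file can also be sourced for its functions.
if [ $# -gt 0 ]; then
    scan_targets "$@"
fi
```

Run it as `sh poodle-scan.sh host1 host2:8443`. An "unsupported" result means the scanning host, not the target, needs attention: repeat the probe from a machine whose OpenSSL still supports SSL 3.0, or use another scanner, before recording the target as safe.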

Client side:

  • Refer to the client vendor's documentation (e.g. Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari) on how to check whether SSL v3 is enabled.
  • A number of websites claim that they can detect if your web browser has SSL v3 enabled. Be very cautious as some of these websites could be malicious.

Mechanics of the Attack

  1. The attacker targets a client/server pair that communicates, or can communicate, using SSL v3 encryption
  2. The attacker sets up a MITM (Man in the Middle) position between them
  3. The attacker exploits the vulnerability in SSL v3
  4. The attacker decrypts the communication

Useful Links

NIST Advisory: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

US-CERT Advisory: https://www.us-cert.gov/ncas/alerts/TA14-290A

Microsoft – How to disable SSL v3 in Internet Explorer (Manually or through Group Policies): https://technet.microsoft.com/library/security/3009008.aspx

Mozilla Firefox – How to disable SSL v3 in Firefox: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

Apple – Security Update: https://support.apple.com/kb/HT6531