A vulnerability has been reported in SSL version 3.0, one of the common protocols used to secure Internet traffic. Also known as POODLE (Padding Oracle On Downgraded Legacy Encryption), the vulnerability could allow an attacker to compromise the encrypted communication between a client (e.g. a web browser) and a server (e.g. a web site) that have negotiated to use SSL v3 as their encryption protocol. For more information about this vulnerability, please see:
Severity
Medium
- Risk: Low
  - The exploit requires the attacker to set up a Man in the Middle (MITM), which is fairly sophisticated to do
  - The exploit works only if SSL v3 is enabled on both the client and the server, and only if they both negotiate down to SSL v3
- Impact: High
  - Once compromised, the attacker can convert the encrypted contents exchanged between server and client into plain text
Impacted Systems
- Any system that has SSL v3 enabled
Recommendation
Please refer to the Information Security Standards #16 – Cryptographic Controls:
http://cio.ubc.ca/security-standards-home/information-security-policy-standards-and-resources
Unlike Heartbleed and the bash vulnerabilities, which were server-side, POODLE can be prevented on the server as well as on the client.
- Server side:
  - Disable SSL v3 and use the newer TLS protocol instead. Refer to the vendor instructions on how to disable SSL v3
- Client side:
  - Disable SSL v3 and use the newer TLS protocol instead. Refer to the vendor instructions on how to disable SSL v3. Refer to the Useful Links at the end of this document on how to disable SSL v3 in some of the common browsers
Vulnerability Detection
Server side:
- Use OpenSSL s_client to remotely detect whether the server supports SSL v3:
  - Command:
    openssl s_client -connect <server>:<port> -ssl3
    If the connection succeeds, SSL v3 is enabled. If it fails, it is disabled. When it fails, you will see something like:
    error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
  - Example:
    C:\OpenSSL\bin>openssl s_client -connect www.redhat.com:443 -ssl3
    If SSL v3 is disabled, an error similar to the following will be returned:
    1432:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1256
- Alternatively, use the following script (arguments: host, defaulting to the local hostname, and port, defaulting to 443). It prints 'SSL 3.0 enabled' if the server is vulnerable and 'SSL 3.0 disabled' if not:
#!/bin/bash
# Usage: ./check_sslv3.sh [host] [port]
# Prints 'SSL 3.0 enabled' if vulnerable and 'SSL 3.0 disabled' if not.
# s_client prints "Protocol : SSLv3" whenever -ssl3 was requested; the
# "Cipher : 0000" line means no cipher was negotiated, i.e. the handshake failed.
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-$(hostname)}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
    if echo "${ret}" | grep -q 'Cipher.*0000'; then
        echo "SSL 3.0 disabled"
    else
        echo "SSL 3.0 enabled"
    fi
else
    echo "SSL disabled or other error"
fi
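The OpenSSL checks above depend on an OpenSSL build that still accepts `-ssl3`, which current builds no longer do. As an added example (not part of the original advisory or of any vendor tool), the following Python script performs the same detection at the protocol level: it sends a minimal SSL 3.0 ClientHello (record version 0x0300, advertising only SSL 3.0) and classifies the first record the server sends back. A ServerHello whose version field is 0x0300 means SSL v3 is enabled; a handshake_failure or protocol_version alert, or a closed connection, means it is disabled. The cipher suite list and the all-zero client random are constructed values chosen for the probe; the `probe()` helper needs network access, while `build_sslv3_client_hello()` and `classify_response()` work on bytes and can be exercised offline.

```python
import socket
import struct
import sys

SSLV3 = b"\x03\x00"               # SSL 3.0 version bytes (major 3, minor 0)
CONTENT_HANDSHAKE = 0x16
CONTENT_ALERT = 0x15
HANDSHAKE_CLIENT_HELLO = 0x01
HANDSHAKE_SERVER_HELLO = 0x02
ALERT_HANDSHAKE_FAILURE = 40       # SSLv3/TLS alert description values
ALERT_PROTOCOL_VERSION = 70

ENABLED = "SSL 3.0 enabled"
DISABLED = "SSL 3.0 disabled"

# Constructed list of cipher suites an SSLv3-capable server would commonly accept
# (AES128-SHA, AES256-SHA, DES-CBC3-SHA, RC4-SHA, RC4-MD5).
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]


def build_sslv3_client_hello() -> bytes:
    """Return a minimal SSLv3 ClientHello record that offers only SSL 3.0."""
    client_random = b"\x00" * 32   # constructed; a real client sends 32 random bytes
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (
        SSLV3                                        # client_version = 3.0
        + client_random
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", len(suites)) + suites    # cipher_suites vector
        + b"\x01\x00"                                # one compression method: null
    )
    # Handshake header: 1-byte type, 3-byte length.
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    # Record header: 1-byte content type, 2-byte version, 2-byte length.
    return struct.pack("!BHH", CONTENT_HANDSHAKE, 0x0300, len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Classify the first record a server returned in reply to the SSLv3 ClientHello."""
    if len(data) < 7:
        # Empty or truncated reply: the server closed the connection rather than
        # answering, which modern TLS-only servers do for an SSLv3 hello.
        return "no usable response (SSL 3.0 disabled or not an SSL server)"
    content_type = data[0]
    record_version = data[1:3]
    if content_type == CONTENT_ALERT:
        level, description = data[5], data[6]
        if description in (ALERT_HANDSHAKE_FAILURE, ALERT_PROTOCOL_VERSION):
            return DISABLED
        return "SSL alert level=%d description=%d" % (level, description)
    if content_type == CONTENT_HANDSHAKE and len(data) >= 11 and data[5] == HANDSHAKE_SERVER_HELLO:
        # ServerHello: 4-byte handshake header, then the 2-byte server_version.
        server_version = data[9:11]
        if record_version == SSLV3 and server_version == SSLV3:
            return ENABLED
        return "server answered with version %d.%d" % (server_version[0], server_version[1])
    return "unexpected record type 0x%02x" % content_type


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to a live server, send the SSLv3 ClientHello and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:           # enough to see a ServerHello version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
    return classify_response(data)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print("%s:%d -> %s" % (target, target_port, probe(target, target_port)))
```

Run it as `python3 check_sslv3.py <server> <port>`. Because the probe never completes the handshake, it is safe to run against production hosts; it only asks whether the server is willing to speak SSL 3.0.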
Client side:
- Refer to the client's vendor (e.g. Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari) on how to check whether SSL v3 is enabled.
- A number of websites claim that they can detect if your web browser has SSL v3 enabled. Be very cautious as some of these websites could be malicious.
Mechanics of the Attack
- The attacker targets a client/server pair that communicates, or can communicate, using SSL v3 encryption
- The attacker sets up a MITM (Man in the Middle)
- The attacker exploits the vulnerability in SSL v3
- The attacker decrypts the communication
Useful Links
NIST Advisory: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
US-CERT Advisory: https://www.us-cert.gov/ncas/alerts/TA14-290A
Microsoft – How to disable SSL v3 in Internet Explorer (Manually or through Group Policies): https://technet.microsoft.com/library/security/3009008.aspx
Mozilla Firefox – How to disable SSL v3 in Firefox: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
Apple – Security Update: https://support.apple.com/kb/HT6531