POODLE: SSL 3.0 Vulnerability (CVE-2014-3566)

October 14, 2014

Summary

A major flaw, dubbed POODLE, has been discovered by Google in the design of SSL version 3.0.
"POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3.0. It does not affect the newer encryption mechanism known as Transport Socket Layer (TLS)." [1]

Impact

Successful exploitation can lead to man-in-the-middle attacks that recover cleartext information from an SSLv3 connection.

Vulnerable

  • SSL version 3.0
  • Web servers that allow SSLv3 connections
  • Web browsers or other client software that support SSLv3 connections
  • Other legacy services that support SSLv3

Recommendations

Server Recommendations

  • Information Security and Policy is recommending that campus service providers running web servers and services immediately disable support for SSL version 3.0 at the server level. It is estimated that very few end users and legacy services rely on SSLv3, and impact is expected to be minimal (most affected end users would be using unsupported software such as IE6 and Windows XP anyway). For instance, CloudFlare has stated only 0.65% of its HTTPS traffic used SSLv3. [4]
  • Server administrators concerned about potential compatibility issues for end users caused by removing SSLv3 support may instead enable the TLS_FALLBACK_SCSV mechanism for TLS servers. TLS_FALLBACK_SCSV will prevent attackers from forcing a protocol downgrade. [2]
  • Mozilla Server Side TLS Configuration Examples:
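
The two server-side controls above (refusing SSLv3 outright, or honouring TLS_FALLBACK_SCSV so a forced downgrade is detected) can be illustrated on the wire. The following is an added example, not code from this advisory or from any TLS library: it builds a minimal ClientHello from constructed values, parses the client version and cipher suite list back out, and applies the decision a server makes for each recommendation. Names such as build_client_hello and server_decision are this example's own.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600   # signalling cipher suite value from RFC 7507
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)

def build_client_hello(version, cipher_suites):
    """Constructed test input: a minimal ClientHello record (no extensions)."""
    body = struct.pack("!BB", *version)          # client_version
    body += b"\x00" * 32 + b"\x00"               # random, empty session id
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                          # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type ClientHello
    return b"\x16" + struct.pack("!BB", *version) + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a handshake record carrying a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    version = (body[0], body[1])
    off = 35 + body[34]                          # skip random and session id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(off + 2, off + 2 + cs_len, 2)]
    return version, suites

def server_decision(record, server_max=TLS12, allow_sslv3=False):
    """Decide whether to accept a ClientHello under the advisory's server recommendations.

    - With SSLv3 disabled (the primary recommendation) any SSL 3.0 hello is refused.
    - With TLS_FALLBACK_SCSV, a hello that carries the SCSV but offers less than the
      server's best version is a fallback retry; an attacker who forced it is detected
      and the server answers with an inappropriate_fallback alert instead of downgrading.
    """
    version, suites = parse_client_hello(record)
    if version == SSL3 and not allow_sslv3:
        return "reject: protocol_version"
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return "reject: inappropriate_fallback"
    return "accept"
```

A genuinely old client that offers TLS 1.0 without the SCSV is still accepted, which is why the SCSV route preserves compatibility while a forced downgrade from a modern browser is refused.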

Client Recommendations

  • Power users may disable SSLv3 in their client browsers in order to prevent POODLE.
  • Vendors of common browsers such as Google Chrome and Mozilla Firefox anticipate general, wide release of new browser versions in which SSLv3 is no longer supported or disabled by default. End users should either manually disable SSLv3 or keep their browsers up to date when new releases are launched.
  • Users that must use SSLv3 should avoid public wireless networks and utilize services such as the campus VPN to access legacy SSLv3 services that cannot be upgraded.
  • Mozilla Firefox - Disabling SSLv3 using SSL Version Control:
  • Disabling SSLv3 Support in Browsers:

References