Tuesday, 6 January 2015

Understanding and Fixing the POODLE TLS Vulnerability (CVE-2014-8730)

Introduction

Transport Layer Security (TLS) and its predecessor; Secure Sockets Layer (SSL) is an encryption protocol used on the internet to encrypt connections between the web browser and the web server.

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text; leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information. 
  
What is POODLE?

The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients fallback to SSL 3.0.If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.
POODLE attack is not considered as serious as the Heartbleed and Shellshock attacks.

Poodle Attack Against TLS

In mid-October, researchers discovered yet another flaw in cryptographic protocol, warned that communications encrypted with secure socket layer (SSL) 3.0 are exposed to POODLE attacks due to a cipher block chaining (CBC) weakness (CVE-2014-3566). Security experts from Google suspected TLS might also be affected with POODLE vulnerability (CVE-2014-8730).

A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC mode ciphers in the TLS 1.0 - 1.2 protocols. Even though TLS specifications require servers to check padding, some implementations fail to validate it properly, which make some servers vulnerable to POODLE even if they disable SSL 3.0.

Video : Poodle Vulnerability Explain
 
                                 

The Exploit

Exploiting this attack would be similar to the original POODLE attack. If an attacker is able to carry out MITM attacks, it is possible that they could be used to decode encrypted traffic and allow an attacker to read that user’s traffic. A single character can be decrypted using 256 requests to the original HTTP server; an eight-character password would require 2,048 requests.

The main target are browsers, because the attacker must inject malicious JavaScript to initiate the attack. A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical.

Testing for Poodle Vulnerability
  1. To check the user-agent
    https://www.ssllabs.com/ssltest/viewMyClient.html 
  2. To check the web-server
    https://www.ssllabs.com/ssltest/index.html
Fixing the vulnerability

There is no “patch” that can be directly applied as the vulnerability lies in the protocol, not in the implementation. Reports have confirmed that application delivery networking vendors such as F5 Networks and A10 Networks have announced that the flaw exists in some of their products, to which the vendors have already issued patches and workarounds. It is thus recommended to apply patches provided by your vendors if vulnerable.

References
  1. https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
  2. https://www.openssl.org/~bodo/ssl-poodle.pdf

No comments:

Post a Comment