
SSLv3 POODLE vulnerability - like BEAST, only easier

As you may know, a padding oracle attack has been discovered in SSLv3. It allows an attacker who can get data of his choosing sent to the server over SSLv3 on behalf of the victim to decrypt 1 byte per 256 requests. This is possible because SSLv3 padding is not covered by the MAC.
In theory the attack can be carried out against any service where the attacker can influence the data sent from the victim's side. The simplest case is an attacker who wants to obtain a cookie for an HTTPS site: he injects his code into HTTP pages, that code makes controlled requests to the HTTPS site, and the attacker replaces encrypted blocks in transit.
In any case, the attacker needs to:
- be able to intercept and modify the victim's traffic
- be able to make requests on behalf of the victim containing text known to the attacker
The vulnerability does not depend on any particular implementation; it is a design flaw. Although it affects only CBC mode, it is better to disable SSLv3 entirely. SSL's time has passed.
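To show the design flaw mentioned above (the MAC does not cover the padding), here is an added illustration, not code from the original post: it models a CBC record after decryption (data || MAC || padding || pad length) and compares the SSLv3 receiver check, which inspects only the pad-length byte, with the TLS 1.0+ check, which verifies every padding byte. It assumes an AES block size, and HMAC-SHA1 stands in for SSLv3's own MAC construction; the records are constructed inline.

```python
import hmac
import hashlib

BLOCK = 16    # AES-CBC block size (assumed cipher)
MAC_LEN = 20  # 20-byte MAC; HMAC-SHA1 stands in for SSLv3's MAC (assumption)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def build_record(key: bytes, data: bytes, tls_padding: bool) -> bytes:
    """MAC-then-pad layout shared by SSLv3 and TLS CBC records:
    data || MAC || padding || padlen. The MAC covers only `data`.
    TLS fills the padding with the pad length; SSLv3 leaves it unspecified."""
    body = data + mac(key, data)
    padlen = BLOCK - 1 - len(body) % BLOCK
    fill = bytes([padlen]) if tls_padding else b"\x00"  # constructed SSLv3 filler
    return body + fill * padlen + bytes([padlen])

def _strip_and_check_mac(key: bytes, plain: bytes, padlen: int):
    body = plain[:len(plain) - padlen - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return data if hmac.compare_digest(tag, mac(key, data)) else None

def verify_sslv3(key: bytes, plain: bytes):
    """SSLv3 receiver: only the last byte (pad length) is checked; the padding
    bytes themselves are ignored, so nothing authenticates them."""
    padlen = plain[-1]
    if padlen >= BLOCK or padlen + 1 + MAC_LEN > len(plain):
        return None
    return _strip_and_check_mac(key, plain, padlen)

def verify_tls(key: bytes, plain: bytes):
    """TLS 1.0+ receiver: every padding byte, including the length byte, must equal padlen."""
    padlen = plain[-1]
    if padlen + 1 + MAC_LEN > len(plain):
        return None
    if any(b != padlen for b in plain[len(plain) - padlen - 1:]):
        return None
    return _strip_and_check_mac(key, plain, padlen)

def tamper_padding(plain: bytes) -> bytes:
    """Flip one bit in the first padding byte (not the length byte, not the MAC)."""
    padlen = plain[-1]
    assert padlen >= 1, "record has no padding bytes to tamper with"
    i = len(plain) - padlen - 1
    return plain[:i] + bytes([plain[i] ^ 0x01]) + plain[i + 1:]

def compare(key: bytes = b"k" * 16, data: bytes = b"Cookie:") -> dict:
    """Does each receiver accept a record whose padding bytes were altered?"""
    sslv3_rec = tamper_padding(build_record(key, data, tls_padding=False))
    tls_rec = tamper_padding(build_record(key, data, tls_padding=True))
    return {
        "sslv3_accepts_tampered_padding": verify_sslv3(key, sslv3_rec) == data,
        "tls_accepts_tampered_padding": verify_tls(key, tls_rec) == data,
    }
```

An SSLv3 receiver cannot tell altered padding from genuine padding, which is exactly the gap a padding oracle exploits; TLS closes it by checking the padding content.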
How to protect yourself?
Disable SSLv3 on both clients and servers.
In Firefox < 34 you need to either install the addon, or set in about:config:
security.tls.version.min=1
(in Firefox 34 and later SSLv3 is disabled by default). In Chrome add
--ssl-version-min=tls1
as a startup flag. In Internet Explorer, uncheck "SSLv3" in the security settings.
For nginx:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
For Apache:
SSLProtocol All -SSLv2 -SSLv3
For IIS
References
poodlebleed.com - checking servers
www.poodletest.com - checking browsers
poodlebleed.com/ssl-poodle.pdf - Whitepaper
blog.cloudflare.com/sslv3-support-disabled-by-default-due-to-vulnerability - Announcement of disabling SSLv3 on Cloudflare by default
googleonlinesecurity.blogspot.ru/2014/10/this-poodle-bites-exploiting-ssl-30.html - Announcement from Google
security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability - Details of the attack
www.imperialviolet.org/2014/10/14/poodle.html - Detailed description of the attack