What is POODLE?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption
What is the attack?
The attack occurs when an attacker is able to downgrade the client to use SSLv3. By simulating a failure during the negotiation process, an attacker can force a browser and a server to renegotiate using an older protocol, right back down to SSLv3.
In this way, attacker will learn a single byte of the session cookie with every request and the complete session cookie can be decrypted to gain malicious access to the application.
How to check if I am vulnerable?
Visiting the below URL would confirm if the vulnerability exists.
What is the fix?
- Disable SSLv3 support on the server.
- Use TLS_FALLBACK_SCSV, a mechanism that prevents attackers from forcing Web browsers to use SSL 3.0.For TLS clients:
TLS clients that use a downgrade dance to improve interoperability should include the value 0x56, 0x00 (TLS_FALLBACK_SCSV) in ClientHello.cipher_suites in any fallback handshakes. Thus, in case of a downgrade attack, clients would always fall back to the next lower version (if starting at TLS 1.2, try TLS 1.1 next, then TLS 1.0, then SSL 3.0) (With TLS_FALLBACK_SCSV, skipping a version also could entirely prevent a successful handshake if it happens to be the version that should be used with the server in question.)
For TLS servers:
In TLS servers, whenever an incoming connection includes 0x56, 0x00 (TLS_FALLBACK_SCSV) in ClientHello.cipher_suites, compare ClientHello.client_version to the highest protocol version supported by the server. If the server supports a version higher than the one indicated by the client, reject the connection with a fatal alert.
This use of TLS_FALLBACK_SCSV will ensure that SSL 3.0 is used only when a legacy implementation is involved and attackers can no longer force a protocol downgrade. (Attacks remain possible if bothparties allow SSL 3.0 but one of them is not updated to support TLS_FALLBACK_SCSV, provided that the client implements a downgrade dance down to SSL 3.0.)
- Avoid potential phishing emails from attackers – to avoid going to an impersonated website.
How to fix this vulnerability on servers?
- To disable SSLv3 on the Apache server, the following can be configured:
S S L P r o t o c o l A l l – S S L v 2 – S S L v 3
- This will ensure that TLSv1.0, TLSv1.1 and TLSv1.2 are supported and explicitly remove support for SSLv2 and SSLv3. Check the config and then restart Apache.
a p a c h e c t l c o n f i g t e s t
s u d o s e r v i c e a p a c h e 2 r e s t a r t
- Disabling SSLv3 support on NginX is as follows :
s s l _ p r o t o c o l s T L S v 1 T L S v 1 . 1 T L S v 1 . 2
- Similar to the Apache config above, TLSv1.0+ would be supported and no SSL would be enabled. Check the config and restart :
s u d o n g i n x – t
s u d o s e r v i c e n g i n x r e s t a r t
- Modify / create a registry DWORD value.
H K e y _ L o c a l _ M a c h i n e \ S y s t e m \ C u r r e n t C o n t r o l S e t \ C o n t r o l \ S e c u r i t y P r o v i d e r s \ S C H A N N E L \ P r o t o c o l s
- Inside protocols, the S S L 2 . 0 key would be already present, so create S S L 3 . 0 alongside it if needed. Under that create a S e r v e r key and inside there a DWORD value called E n a b l e d with value 0 . Once that’s done reboot the server for the changes to take effect.
How to fix this vulnerability on browsers:
- Type a b o u t : c o n f i g into their address bar
- Type s e c u r i t y . t l s . v e r s i o n . m i n into the search box. This will bring up the setting that needs to be changed from 0 to 1.
- By changing the setting Firefox will be forced to only use TLSv1.0 or better, which is not vulnerable to POODLE.
- Add the command line flag – – s s l – v e r s i o n – m i n = t l s
- In Windows, right click on the Chrome shortcut, hit Properties and add the command line flag
- Go to Settings, Internet Options and click on the Advanced tab.
- Uncheck the U s e S S L 3 . 0 checkbox
Shortcomings in the fix:
Systems using IE6 and Windows XP installations below SP3, will no longer be able to communicate with any site that does not use SSLv3.
Latest posts by Alex Rajan (see all)
- POODLE Advisory - October 20, 2014
- LinkedIn Authorization Bypass Vulnerability To Send Messages - October 18, 2013