A Shaggy POODLE Story With a Sad End

Encryption has always been a sensitive subject for people dealing with valuable information, which today means most Internet users: nearly everyone has at least some personal information, if not sensitive banking data, stored online. When the news of the Heartbleed bug hit the online community people were shocked, but nothing could prepare them for the barrage of vulnerabilities in the OpenSSL library that followed. Now we present to you the latest in a long line of bugs and weaknesses in SSL – the POODLE bug.

This bug affects SSL v3.0, which, although deemed insecure and obsolete, is still in use on older systems and still supported on newer ones to solve compatibility issues with legacy systems. On most systems SSL v3.0 has been replaced by the newer and improved TLS (v1.0, v1.1, v1.2), but when two systems with different versions of the encryption software interact, a negotiation takes place. Through a series of handshakes the systems find out which is the latest protocol version both support: the highest version is offered first, and if the other system doesn’t accept it the previous version is offered, and so on, until a version both sides accept is used. This downgrade of encryption protocols is also actively used to work around bugs that may occur on the server side.

An attacker exploits this bug by taking a man-in-the-middle position between two systems. From there he interferes with the handshakes: whenever the client offers TLS v1.0 or later, a failure is returned so that the client retries and the connection is downgraded to SSL v3.0. Because SSL v3.0 uses nondeterministic CBC padding (the padding bytes are not checked), an attacker in this position can then recover information in clear text with a padding-oracle attack. This is also where the bug gets its name: Padding Oracle On Downgraded Legacy Encryption (POODLE).

This vulnerability has been rated MEDIUM by the National Vulnerability Database, but this doesn’t mean it can’t cause severe damage. To ease the nerves of all of Vistnet’s clients we would like to announce that the SSL v3.0 protocol has been disabled by default throughout our whole infrastructure and that no customer or other sensitive information has been leaked. Vistnet uses the TLS v1.2 protocol, which is in no way vulnerable to the POODLE bug. All of our clients can rest assured that any vulnerability is taken care of in a timely fashion throughout our whole infrastructure.

The main recommendation to protect against POODLE is to disable the SSL v3.0 protocol on both the client and the server side. This completely eliminates the vulnerability, but it is not an option for older systems that support only SSL v3.0 and can be impractical when legacy support is needed. Another option is to include the signalling cipher suite value 0x56, 0x00 (TLS_FALLBACK_SCSV) in ClientHello.cipher_suites whenever a client retries at a lower version; a server that supports this value will reject the connection when it detects a downgrade attack.
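As an added illustration (not Vistnet’s code), here is the server-side decision that the 0x56, 0x00 signalling value enables, in Python, run over a constructed minimal ClientHello: a client that had to retry at a lower version includes the value, and a server that supports something higher refuses the handshake instead of carrying on with the downgraded protocol. The helper names (`build_client_hello`, `parse_client_hello`, `server_accepts`) are my own.

```python
import struct

# TLS_FALLBACK_SCSV signalling cipher suite value: {0x56, 0x00}.
TLS_FALLBACK_SCSV = 0x5600

# Protocol versions as they appear on the wire (major, minor).
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)
TLS_1_2 = (3, 3)


def build_client_hello(client_version, cipher_suites):
    """Build a minimal ClientHello body (constructed sample, no extensions)."""
    major, minor = client_version
    body = bytes([major, minor])
    body += b"\x00" * 32                # random: zeros in this constructed sample
    body += b"\x00"                     # session_id length 0
    suites = b"".join(struct.pack(">H", s) for s in cipher_suites)
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                 # compression_methods: length 1, null
    return body


def parse_client_hello(body):
    """Return (client_version, [cipher suites]) from a ClientHello body."""
    client_version = (body[0], body[1])
    pos = 2 + 32                        # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                  # skip session_id
    suites_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0]
              for i in range(pos, pos + suites_len, 2)]
    return client_version, suites


def server_accepts(body, server_max_version):
    """Fallback check: the client says it is retrying at a lower version, yet
    this server supports a higher one, so the downgrade was not necessary and
    may have been forced by a man in the middle. Refuse the handshake."""
    client_version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and client_version < server_max_version:
        return False, "inappropriate_fallback"
    return True, "ok"
```

A legacy client that genuinely supports only SSL v3.0 never sends the value, so it is still accepted here; disabling SSL v3.0 outright remains the only complete fix.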

The leaking bucket that is SSL has yet another hole through which users’ valuable information can freely leak. Although this greatly increases the paranoia factor for all Internet users, it is not all bad news. The discovery of vulnerabilities means that encryption software is being extensively scrutinized and examined, and improvements are being applied. This is a slow and painful process, and we should always be on the lookout for the next bug while employing all the protective measures available.
