Sensitive Data exposure by SSL 3.0 Protocol Vulnerability and POODLE Attack

Original Issue Date: October 12, 2023
Severity: High

Software Affected:

  • Any system or application that uses SSL 3.0 for encryption is vulnerable. This includes web servers, web browsers, SSL VPNs, email gateway appliances, etc. that have SSL 3.0 enabled.

Abstract:

The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3.

Technical Description:

As the name implies, POODLE combines a padding oracle attack with a protocol downgrade attack. It can be used against any device that supports SSL 3.0 with cipher-block chaining (CBC) mode ciphers. This affects web browsers and web servers, including any software that either references a vulnerable SSL/TLS library or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability, an unauthenticated attacker can gain access to personal information such as passwords and cookies within the encrypted web session.

Additionally, even if both the client and server support TLS, the SSL/TLS protocol suite allows for protocol version negotiation. To abuse this negotiation, an attacker must control portions of the client's side of the SSL connection and must also be able to observe the ciphertext. The POODLE attack leverages this "negotiation" to downgrade the connection to SSL 3.0.
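As an added illustration (not part of this advisory), the following Python decodes the two ClientHello fields a defender looks at when checking whether SSL 3.0 is being negotiated on the wire: the client_version and the list of offered cipher suites. The record layout, version numbers, cipher suite identifiers and the TLS_FALLBACK_SCSV value (0x5600, RFC 7507) are real protocol constants; the function names build_client_hello and inspect_client_hello are this example's own, and the ClientHello it inspects is constructed in the code rather than captured from a network.

```python
# Added example, not from the advisory: build a minimal ClientHello record and
# decode the POODLE-relevant fields from it (client_version, CBC suites offered,
# presence of TLS_FALLBACK_SCSV). Constants are real protocol values.
import struct

SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600                     # RFC 7507 signalling cipher suite value
VERSION_NAMES = {SSL_3_0: "SSLv3", TLS_1_0: "TLSv1.0", TLS_1_1: "TLSv1.1", TLS_1_2: "TLSv1.2"}
# A few real CBC cipher suite ids; these are the ones POODLE can target under SSL 3.0.
CBC_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def build_client_hello(client_version, suites):
    """Construct a minimal ClientHello (no extensions) inside a TLS record.

    Layout (RFC 5246): record header [type 0x16, version, length], then the
    handshake header [type 0x01, 3-byte length], then the ClientHello body."""
    client_random = b"\x00" * 32               # constructed placeholder, not real entropy
    body = struct.pack(">H", client_version) + client_random
    body += b"\x00"                            # empty session id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">H", client_version) + struct.pack(">H", len(handshake)) + handshake


def inspect_client_hello(record):
    """Parse a ClientHello record and report what matters for POODLE."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                    # 5 bytes record header + 4 bytes handshake header
    client_version = struct.unpack(">H", record[pos:pos + 2])[0]
    pos += 2 + 32                              # skip client_version and the 32-byte random
    pos += 1 + record[pos]                     # skip session id (length-prefixed)
    suites_len = struct.unpack(">H", record[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", record[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    cbc = [CBC_SUITES[s] for s in suites if s in CBC_SUITES]
    return {
        "version": VERSION_NAMES.get(client_version, hex(client_version)),
        "offers_sslv3": client_version == SSL_3_0,
        "cbc_suites": cbc,
        "sslv3_with_cbc": client_version == SSL_3_0 and bool(cbc),
        "fallback_scsv": TLS_FALLBACK_SCSV in suites,
    }


if __name__ == "__main__":
    # Constructed sample: a client retrying at SSL 3.0 with a CBC suite and the SCSV set.
    hello = build_client_hello(SSL_3_0, [0x002F, 0x0005, TLS_FALLBACK_SCSV])
    print(inspect_client_hello(hello))
```

A ClientHello whose version field is 0x0300 and whose suite list contains CBC suites is exactly the combination the advisory describes; if the same hello also carries TLS_FALLBACK_SCSV, a server updated to the versions listed under the countermeasures will reject it instead of completing the handshake.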

Vulnerability Assessment:

To verify the vulnerability, it is advised to execute the command below from an external network:

Command:

  • nmap -sV --version-light --script ssl-poodle -p 443 <target>

If the host/application is vulnerable, this will be reported in the output.

Countermeasures and Best practices for prevention:

  • Disable SSL 3.0 support fully in system/application configurations.
  • Only enable the secure protocols TLS 1.0 and above.
  • If you cannot disable SSL 3.0, use the TLS_FALLBACK_SCSV cipher suite value on both client and server to prevent the downgrade attack. It is implemented by the following upgrades:
    • OpenSSL 1.0.1 users should upgrade to 1.0.1j.
    • OpenSSL 1.0.0 users should upgrade to 1.0.0o.
    • OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
  • If disabling SSL 3.0 is not possible, and TLS_FALLBACK_SCSV also cannot be implemented for some reason, one additional option is left: carefully disable all SSL 3.0 cipher suites that run in CBC (cipher-block chaining) mode.
  • Disable SSL 3 in your browser (for example, in Internet Explorer it is under Internet Options, Advanced Settings).
  • Use updated browsers. Make sure HTTPS is always on for the websites you visit to avoid MITM attacks.
  • Be wary of phishing emails from attackers asking you to update your password.
  • Keep the operating system and application software up to date with patches and fixes.
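The following Python is an added example (not part of this advisory) that models the version negotiation described in the Technical Description and shows how the countermeasures above change its outcome: what happens when a legacy client retries with lower versions, why TLS_FALLBACK_SCSV has to be honoured on both client and server, and what a server with SSL 3.0 disabled does instead. The version numbers and the SCSV value (0x5600, RFC 7507) are real protocol constants; the Server and Client classes, their method names and the attacker_blocks_above parameter are this example's own assumptions and do not correspond to any library's API.

```python
# Added example, not part of the advisory: a minimal model of SSL/TLS version
# negotiation. Version numbers and the SCSV value are real protocol constants;
# the classes below are this example's own and are not any library's API.

SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600        # RFC 7507 signalling cipher suite value
AES_128_CBC_SHA = 0x002F          # TLS_RSA_WITH_AES_128_CBC_SHA, a real suite id
NAMES = {SSL_3_0: "SSLv3", TLS_1_0: "TLSv1.0", TLS_1_1: "TLSv1.1", TLS_1_2: "TLSv1.2"}


class Server:
    def __init__(self, enabled_versions, honours_scsv):
        self.enabled = set(enabled_versions)
        self.honours_scsv = honours_scsv   # True models OpenSSL 1.0.1j and later

    def handshake(self, client_version, cipher_suites):
        """Return ("ok", negotiated_version) or ("alert", reason)."""
        # RFC 7507: the SCSV together with a client_version below the highest
        # version we support means the client is falling back; reject it.
        if self.honours_scsv and TLS_FALLBACK_SCSV in cipher_suites:
            if client_version < max(self.enabled):
                return ("alert", "inappropriate_fallback")
        usable = [v for v in self.enabled if v <= client_version]
        if not usable:
            return ("alert", "protocol_version")
        return ("ok", max(usable))


class Client:
    def __init__(self, versions_high_to_low, sends_scsv):
        self.versions = versions_high_to_low
        self.sends_scsv = sends_scsv       # True models a browser that implements RFC 7507

    def connect(self, server, attacker_blocks_above=None):
        """Try each version from highest to lowest, as legacy browsers did.

        attacker_blocks_above models an on-path attacker who drops every
        handshake whose client_version is above the given version, so the
        client keeps retrying with lower versions."""
        for attempt, version in enumerate(self.versions):
            suites = [AES_128_CBC_SHA]
            if self.sends_scsv and attempt > 0:      # SCSV is sent only on a retry
                suites.append(TLS_FALLBACK_SCSV)
            if attacker_blocks_above is not None and version > attacker_blocks_above:
                continue                             # dropped on the wire; client retries lower
            status, detail = server.handshake(version, suites)
            if status == "ok":
                return NAMES[detail]
            if detail == "inappropriate_fallback":   # fatal alert: stop, do not retry lower
                return "refused: inappropriate_fallback"
        return "failed"


def run_scenarios():
    """Connection outcome under each combination of the advisory's countermeasures."""
    all_versions = [SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2]
    legacy_server = Server(all_versions, honours_scsv=False)
    scsv_server = Server(all_versions, honours_scsv=True)
    no_sslv3_server = Server([TLS_1_0, TLS_1_1, TLS_1_2], honours_scsv=True)
    legacy_client = Client([TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0], sends_scsv=False)
    scsv_client = Client([TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0], sends_scsv=True)
    return {
        "no attacker, legacy both sides": legacy_client.connect(legacy_server),
        "attacker, legacy both sides": legacy_client.connect(legacy_server, SSL_3_0),
        "attacker, SCSV on server only": legacy_client.connect(scsv_server, SSL_3_0),
        "attacker, SCSV on both sides": scsv_client.connect(scsv_server, SSL_3_0),
        "attacker, SSL 3.0 disabled on server": legacy_client.connect(no_sslv3_server, SSL_3_0),
    }


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario:40s} -> {outcome}")
```

Two points the scenarios make concrete: SCSV on the server alone does not help a client that never sends it, which is why the advisory asks for it on both sides, and disabling SSL 3.0 turns a downgrade into a failed connection rather than a weakly encrypted one.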

Solution:

Apply the best security practices available at:

References: