High Severity (Can partially compromise system)

Bug in legacy SSL protocol allows a MITM attacker to view the HTTPS data stream as cleartext

Affects: Legacy Systems and Browsers, SSL 3.0

The legacy SSL 3.0 protocol can allow a man-in-the-middle attacker to view the HTTPS data stream or decrypt secure cookies using a padding-oracle attack, a.k.a. "POODLE" (Padding Oracle On Downgraded Legacy Encryption).

In order to exploit this flaw, an attacker must have access to the system through which the HTTPS requests pass and also have sufficient privileges to intercept network communications.

Even though SSL 3.0 is a legacy protocol and has since been replaced by the more secure TLS protocol, the majority of systems still implement it as a fallback when communicating with older platforms or when TLS is unavailable.

POODLE attacks work by taking advantage of the non-deterministic padding of the last cipher block in CBC (Cipher Block Chaining) mode. The last byte of the padding states how many of the preceding bytes are padding bytes, but none of the other padding bytes play any part in checking the integrity of the request. This allows an attacker to substitute the padding cipher block with any of the other cipher blocks and validate the last byte against the known length of the padding bytes. Repeating this determines the value of each byte one at a time, with a successful server response serving as validation.
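The padding rule described above, shown next to the stricter TLS 1.0+ rule, as an added example that is not part of the original advisory. It works on constructed plaintext only (no encryption, no network) and assumes an 8-byte block and HMAC-SHA256 as a stand-in for the SSL 3.0 record MAC.

```python
import hashlib
import hmac

BLOCK = 8                      # assumption: 8-byte CBC block (e.g. 3DES); AES would use 16
KEY = b"constructed-demo-key"  # constructed sample key
MAC_LEN = 32                   # HMAC-SHA256 stands in for the SSL 3.0 record MAC

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def ssl3_unpad(plain: bytes):
    """SSL 3.0 rule: only the final length byte is inspected."""
    n = plain[-1]
    if n >= BLOCK or n + 1 > len(plain):
        return None
    return plain[:-(n + 1)]

def tls_unpad(plain: bytes):
    """TLS 1.0+ rule: every padding byte must equal the length byte."""
    n = plain[-1]
    if n + 1 > len(plain) or plain[-(n + 1):] != bytes([n]) * (n + 1):
        return None
    return plain[:-(n + 1)]

def receiver_accepts(plain: bytes, unpad) -> bool:
    """Strip padding with the given rule, then verify the MAC over the rest."""
    body = unpad(plain)
    if body is None or len(body) < MAC_LEN:
        return False
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, mac(data))

def count_accepted(unpad) -> int:
    """Of 256 final blocks whose filler is not valid padding, how many pass?"""
    data = b"constructed data"       # 16 bytes, so data + MAC is block aligned
    prefix = data + mac(data)        # the final block is therefore padding only
    filler = b"\xaa" * (BLOCK - 1)   # constructed bytes the sender never chose
    return sum(receiver_accepts(prefix + filler + bytes([last]), unpad)
               for last in range(256))

if __name__ == "__main__":
    print("SSL 3.0 rule accepts:", count_accepted(ssl3_unpad), "of 256")
    print("TLS rule accepts:    ", count_accepted(tls_unpad), "of 256")
```

Under the SSL 3.0 rule one final block in 256 is accepted even though seven of its eight bytes are arbitrary; the TLS rule rejects all of them, which is why disabling the SSL 3.0 fallback removes the oracle.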

RECOMMENDATION

Because an attacker must have access to the system through which the HTTPS requests pass, and sufficient privileges to intercept network communications, it is recommended to keep the operating system up to date with the latest security patches, keep antivirus software and virus definitions updated, and use only the newest versions of popular browsers.

To turn off SSLv3 in Internet Explorer 11:
Settings -> Internet Options -> Advanced Tab -> Uncheck "SSLv3" under "Security"

Test to see if your browser is vulnerable at www.poodletest.com