What is POODLE vulnerability and How does it affect you ?

What is POODLE?

It stands for “Padding Oracle On Downgraded Legacy Encryption.”.This means a protocol downgrade that allows exploits on an outdated form of encryption.It was first explained in Google Security Advisory.

Poodle

Poodle

To explain this in simpler terms, if an attacker using a Man-In-The-Middle attack can take control of a router at a public hotspot, they can force your browser to downgrade to SSL 3.0 (an older protocol) instead of using the much more modern TLS (Transport Layer Security), and then exploit a security hole in SSL to hijack your browser sessions and get useful information out of your session cookies to your accounts in Google,Yahoo or your bank too. Since this problem is in the protocol, anything that uses SSL is affected.

As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.

Impact

The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.)

How Can We Solve the Problem?

As a user, you want to protect yourself from attacks, and the best way to do that is to disable SSL 3 in your browser.

As a web site operator, you should disable SSL 3 on your servers as soon as possible. You need to do this even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited

Microsoft Advisory

https://technet.microsoft.com/en-us/library/security/3009008.aspx

References


You may also like...

%d