Thursday, October 16, 2014

POODLE: SSLv3 vulnerability (CVE-2014-3566)


What is the POODLE Vulnerability?


The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.


Background Information

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory.
POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3. It does not affect the newer encryption mechansim known as Transport Layer Security (TLS).


Impact

Exploiting this vulnerability is not easily accomplished. Man-in-the-middle attacks require large amounts of time and resources. While likelihood is low, Red Hat recommends implementing only TLS to avoid flaws in SSL.


Validating/Testing SSL (Server)

create this script to test:


#!/bin/bash
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-"$1"}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
  if echo "${ret}" | grep -q 'Cipher.*0000'; then
    echo "SSLv3 disabled"
  else
    echo "SSLv3 enabled"
 fi
else
  echo "SSL disabled or other error"
fi


# ./poodle-detect-sslv3.sh localhost

 
References:
 
Red Hat - Kbase
Qualys - Overview SSLv3 Poodle
  

No comments:

Post a Comment