The POODLE bug, a vulnerability in the outdated SSL 3.0 web encryption technology discovered by Google researchers two months ago, is still alive and biting over 10% of the world’s most popular websites, including Bank of America and the US Department of Veterans Affairs, according to the latest security heads-up by researcher Ivan Ristic at Qualys.
The original POODLE bug allowed an attacker to decrypt secure cookies and intercept HTTPS requests between users’ browsers and the target server. The attacker would mount a man-in-the-middle attack and disrupt the handshake between client and server, forcing a “protocol downgrade dance” until the less secure SSL 3.0 protocol was used.
In response to the original POODLE, browsers disabled SSL 3.0 in favor of TLS, which is more specific about the contents of the padding and therefore eliminates the attack. Google removed SSL v3 fallback from its Chrome browser in November, while Firefox killed SSL v3 support early this month. All seemed to be going well until security researcher Brian Smith discovered that attackers could exploit the favored Transport Layer Security (TLS) protocol as well.
The new variant of Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks more modern websites that use TLS encryption. “Even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS,” wrote Ristic.
While acknowledging the flaw, Google’s Adam Langley said exploiting TLS was technically feasible because TLS is basically a subset of SSLv3. That means “you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause any problems in normal operation,” Langley wrote in a blog post, concluding that a POODLE attack would be possible in any such instance where an SSLv3 decoding function is used with TLS.
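To make the defect concrete, here is an added example (not code from the article or from any vendor named in it) that contrasts an SSLv3-style padding strip, which trusts only the final length byte, with a TLS-conformant strip that checks every padding byte after decryption. It assumes the input is the already-decrypted CBC record plaintext and leaves out block decryption and MAC verification; the sample records are constructed.

```python
# Added example: why TLS CBC padding must be checked structurally after
# decryption. TLS 1.0-1.2 padding is pad_len filler bytes, each equal to
# pad_len, followed by the pad_len byte itself. SSL 3.0 only defines the
# final length byte, so an SSLv3 routine reused for TLS skips the check.

class BadRecordMac(Exception):
    """Raised when a record fails padding validation (a fatal alert in TLS)."""


def sslv3_style_strip(plaintext: bytes) -> bytes:
    """SSLv3-style padding removal: trusts only the final length byte.

    Reusing this for TLS records accepts padding whose filler bytes are
    arbitrary, which is the implementation defect the article describes.
    """
    if not plaintext:
        raise BadRecordMac("empty record")
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        raise BadRecordMac("padding length exceeds record")
    return plaintext[: len(plaintext) - pad_len - 1]


def tls_strict_strip(plaintext: bytes) -> bytes:
    """TLS-conformant padding removal: every filler byte must equal pad_len."""
    if not plaintext:
        raise BadRecordMac("empty record")
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        raise BadRecordMac("padding length exceeds record")
    padding = plaintext[-(pad_len + 1):-1]
    # Check all filler bytes without an early exit so a mismatch position
    # is not exposed through the comparison itself.
    mismatch = 0
    for b in padding:
        mismatch |= b ^ pad_len
    if mismatch:
        raise BadRecordMac("padding bytes malformed")
    return plaintext[: len(plaintext) - pad_len - 1]


def accepts(strip, plaintext: bytes) -> bool:
    """True if the given stripping routine accepts the record's padding."""
    try:
        strip(plaintext)
        return True
    except BadRecordMac:
        return False


# Constructed records: 4 payload bytes, 3 filler bytes, then pad_len byte 0x03.
GOOD_RECORD = b"data" + b"\x03\x03\x03" + b"\x03"
BAD_RECORD = b"data" + b"\xaa\xbb\xcc" + b"\x03"  # filler bytes are not 0x03
```

The SSLv3-style routine returns the payload for both records, while the strict routine rejects the malformed one, which is exactly the difference a TLS stack must preserve.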
The impact of the new flaw is similar to that of the original POODLE, but Ristic noted that the new POODLE is easier to execute because the client does not have to downgrade to the outdated SSL 3.0 protocol: “TLS 1.2 will do just fine.” This implies that even modern browsers in which the SSL 3.0 protocol has been disabled could be vulnerable to the new POODLE.
The scope and extent of the vulnerability are still not clear, but Langley warns that all sites using F5 and A10 devices to terminate connections may be vulnerable to the new POODLE attack. F5 has already released a patch for its devices, while an A10 patch should be available in a matter of days. “I’m not completely sure that I’ve found every affected vendor but, now that this issue is public, any other affected products should quickly come to light,” says Langley.
“We still haven’t seen widespread exploitation of the Poodle vulnerability. So focus on what Microsoft has to offer first today, then take a look if you still have some outstanding ‘Poodles’ in your network,” said Johannes Ullrich of the SANS Institute, adding that sites should immediately apply an SSL/TLS patch or risk falling prey to the new POODLE.