Newly discovered web encryption bug in SSL 3.0 enables the ‘POODLE’ attack
Google Inc. said on Tuesday that a critical vulnerability in the design of SSL 3.0 can lead to the POODLE attack. The bug, discovered by three Google researchers, allows a network attacker to recover the plaintext (unencrypted content) of “secure” connections, which can let the attacker steal data.
What is SSL 3.0?
SSL 3.0 is an obsolete and insecure protocol for web encryption. It is nearly 15 years old and has been replaced by its successors TLS 1.0, TLS 1.1 and TLS 1.2, yet it is still widely supported: many TLS implementations remain backwards compatible with SSL 3.0 so that they can interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides authenticated version negotiation, so normally the newest version common to the client and the server is used. However, even when both client and server support some version of TLS, the security level of SSL 3.0 still matters, because many clients implement a protocol “downgrade dance” to work around server-side interoperability bugs. Google's security advisory describes how an attacker can exploit the downgrade dance and then break the cryptographic security of SSL 3.0.
POODLE attack (Padding Oracle On Downgraded Legacy Encryption)
The POODLE attack lets an attacker steal “secure” HTTP cookies, authorization tokens and other data from the victim. The flaw lies in the obsolete SSL 3.0, which is rarely negotiated these days; however, if a connection attempt fails (for example because a network attacker disrupts it), browsers that support the newer protocols will retry with older protocol versions, including SSL 3.0.
To work with legacy servers, many TLS clients implement a downgrade dance: in a first handshake attempt they offer the highest protocol version the client supports, and if that handshake fails they retry with older protocol versions. Unlike proper protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, TLS 1.0), this downgrade can also be triggered by network glitches or by active attackers. So an attacker who controls the network between the client and the server can interfere with every attempted handshake that offers TLS 1.0 or later, until the client falls back to SSL 3.0, Google said.
Workaround or Mitigation
Google said that disabling SSL 3.0 support, or disabling CBC-mode ciphers with SSL 3.0, is sufficient to mitigate the issue but can cause significant compatibility problems. Note that disabling only the CBC-mode ciphers leaves RC4 as the remaining SSL 3.0 option, and RC4 has known weaknesses of its own.
The more robust fix is to add support for TLS_FALLBACK_SCSV, a signalling cipher suite value that a client includes in its ClientHello whenever it retries a handshake with a lower protocol version. A server that supports it rejects such a retry when it could have negotiated a higher version, so a failed connection no longer lets an attacker push the browser down to the obsolete SSL 3.0. The same mechanism also prevents downgrades from TLS 1.2 to 1.1 or 1.0, and so may help prevent future attacks.
Google's servers and Google Chrome have supported TLS_FALLBACK_SCSV since February 2014, and that experience shows it can be deployed without compatibility problems. However, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0 altogether; this may break some sites, and those sites will need to be updated quickly.
Google said it will completely remove support for SSL 3.0 from its client products in the coming months.
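As an added illustration (this is not code from Google or from the original article), the following Python simulates the exchange described above: a client running the downgrade dance, an attacker who disrupts every handshake that offers TLS 1.0 or later, and servers with and without TLS_FALLBACK_SCSV support, with and without SSL 3.0 enabled. The version strings, the Server and ClientHello classes, the network functions and the "buggy legacy server" flag are assumptions of this example; only the 0x5600 suite value comes from the later published RFC 7507 definition of TLS_FALLBACK_SCSV.

```python
"""Simulation of the browser "downgrade dance" and of TLS_FALLBACK_SCSV.

Added example: the protocol versions, attacker and servers are constructed
in memory, nothing touches the network.
"""

from dataclasses import dataclass

# Versions ordered from oldest to newest (assumed labels).
SSL30, TLS10, TLS11, TLS12 = "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"
ORDER = [SSL30, TLS10, TLS11, TLS12]

# Fallback signalling cipher suite value (0x5600 as published in RFC 7507).
TLS_FALLBACK_SCSV = 0x5600
# An ordinary suite so the list is never empty (TLS_RSA_WITH_AES_128_CBC_SHA).
SOME_SUITE = 0x002F


class FallbackAlert(Exception):
    """Stands in for the server's inappropriate_fallback alert."""


@dataclass
class ClientHello:
    version: str
    cipher_suites: list


@dataclass
class Server:
    max_version: str                   # newest version the server speaks
    min_version: str = SSL30           # oldest version it still accepts
    supports_fallback_scsv: bool = False
    buggy: bool = False                # legacy server that fails on hellos newer than max_version

    def handshake(self, hello: ClientHello) -> str:
        if ORDER.index(hello.version) < ORDER.index(self.min_version):
            raise ConnectionError("protocol version not supported")
        if self.buggy and ORDER.index(hello.version) > ORDER.index(self.max_version):
            # The interoperability bug that made browsers adopt the downgrade dance.
            raise ConnectionError("legacy server chokes on unknown version")
        # Proper negotiation: the newest version both sides support.
        chosen = min(hello.version, self.max_version, key=ORDER.index)
        if (self.supports_fallback_scsv
                and TLS_FALLBACK_SCSV in hello.cipher_suites
                and ORDER.index(hello.version) < ORDER.index(self.max_version)):
            # The client says this is a lowered retry, yet we could have done
            # better: something dropped the earlier handshake.
            raise FallbackAlert("inappropriate_fallback")
        return chosen


def honest_network(server: Server, hello: ClientHello) -> str:
    """Messages reach the server untouched."""
    return server.handshake(hello)


def poodle_attacker(server: Server, hello: ClientHello) -> str:
    """Active attacker: every handshake offering TLS 1.0 or later 'fails'."""
    if hello.version != SSL30:
        raise ConnectionError("handshake tampered with")
    return server.handshake(hello)


def client_connect(network, server, max_version=TLS12, send_scsv=False):
    """Downgrade dance: offer the highest version, retry lower on any failure.

    Returns (negotiated version or None, list of versions offered in order).
    """
    attempts = []
    for version in reversed(ORDER):
        if ORDER.index(version) > ORDER.index(max_version):
            continue
        suites = [SOME_SUITE]
        if send_scsv and version != max_version:
            suites.append(TLS_FALLBACK_SCSV)   # flag this hello as a fallback retry
        attempts.append(version)
        try:
            return network(server, ClientHello(version, suites)), attempts
        except FallbackAlert:
            return None, attempts   # server detected the downgrade: abort, do not retry
        except ConnectionError:
            continue                # retry with the next older version
    return None, attempts


if __name__ == "__main__":
    print("no attacker:          ", client_connect(honest_network, Server(TLS12)))
    print("attacker, no SCSV:    ", client_connect(poodle_attacker, Server(TLS12)))
    print("attacker, SCSV both:  ", client_connect(poodle_attacker,
          Server(TLS12, supports_fallback_scsv=True), send_scsv=True))
    print("attacker, SSL3 off:   ", client_connect(poodle_attacker, Server(TLS12, min_version=TLS10)))
    print("legacy buggy server:  ", client_connect(honest_network, Server(TLS10, buggy=True), send_scsv=True))
```

The scenarios show the three outcomes that matter: without TLS_FALLBACK_SCSV the attacker walks the client down to SSL 3.0 after three dropped handshakes; with the signal on both sides the server answers the SSL 3.0 retry with an alert and the connection fails closed instead of being downgraded; and against a genuinely buggy legacy server the fallback to TLS 1.0 still succeeds, because the server's best version is no higher than the one offered. A client that sends the SCSV to a server that ignores it is still downgraded, which is why both sides have to deploy it.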
You can check whether your browser is vulnerable to the SSL 3.0 (POODLE) downgrade on this site. If the page opens with a terrier image, your browser is safe; if it opens with a ‘Poodle’ image, your browser will still fall back to SSL 3.0 and is vulnerable.