Poodle vulnerability rises again, this time in TLS

Poodle 2.0 vulnerability affects cryptography ciphers less than TLS 1.2

If you remember the Poodle vulnerability that was discovered in October 2014, you will remember that Google took action to contain it on SSLv3 ciphers and did away with the obsolete system (Chrome 40 is scheduled to remove SSLv3 completely, while Firefox 34, released Dec 1st, has already removed SSLv3 support). But today security research lab Qualys revealed that the Poodle vulnerability is far from over.

Qualys says that the Poodle vulnerability has resurfaced, this time in Transport Layer Security (TLS). The new vulnerability, designated CVE-2014-8730, exploits the same class of problem as the old one: an error in handling the padding that allows the attacker to steal “secure” HTTP cookies, authorization tokens and other data from the victim.

As per Qualys, TLS is vulnerable to the new Poodle vulnerability because “some TLS implementations omit to check the padding structure after decryption”. The earlier Poodle targeted SSLv3, which is obsolete, while the newer Poodle vulnerability exploits TLS 1.2.

What is Poodle

As explained in this post, the Poodle attack bug lies in the obsolete SSL 3.0, which is mostly not used these days. However, in case of a failed connection caused by a network attacker, browsers with newer protocols will also try older protocol versions, including SSLv3.

To work with legacy servers, many TLS clients implement a downgrade dance: in a first handshake attempt, offer the highest protocol version supported by the client; if this handshake fails, retry with older protocol versions. Unlike proper protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers. So if an attacker that controls the network between the client and the server interferes with any attempted handshake offering TLS 1.0 or later.

What is new Poodle

As per Google’s Adam Langley, this vulnerability is caused by a TLS padding issue: TLS padding is a “subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections.”

Langley, in a post on ImperialViolet, says that “This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken. An IETF draft to prohibit RC4 is in Last Call at the moment but it would be wrong to believe that RC4 is uniquely bad. While RC4 is fundamentally broken and no implementation can save it, attacks against MtE-CBC ciphers have repeatedly been shown to be far more practical. Thankfully, TLS 1.2 support is about to hit 50% at the time of writing.”

In non-geek terms, it means that any network using a cryptographic cipher less than TLS 1.2 is vulnerable to the new Poodle vulnerability, and cyber security firm F5 Networks agrees with him.
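The missing padding check that Qualys and Langley describe can be shown with two validators run over the same decrypted record. This is an added example, not code from Qualys, Langley or any vendor; the function names and the sample record are constructed, and a production decoder would also verify the MAC and run in time independent of the padding length.

```python
# Added illustration: function names and the sample record are constructed.
BLOCK = 16  # AES-CBC block size in bytes

def tls_pad(data: bytes) -> bytes:
    """TLS CBC padding: pad_len bytes of value pad_len, then the length byte."""
    pad_len = BLOCK - 1 - (len(data) % BLOCK)
    return data + bytes([pad_len]) * (pad_len + 1)

def sslv3_style_check(plaintext: bytes) -> bool:
    """SSLv3 rule: only the final length byte is defined; padding content is ignored."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    return plaintext[-1] < BLOCK

def tls_check(plaintext: bytes) -> bool:
    """TLS rule: every padding byte must equal the length byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    diff = 0
    for b in plaintext[-(pad_len + 1):]:
        diff |= b ^ pad_len  # accumulate mismatches, no early exit
    return diff == 0

def sample_records():
    """Return (well_formed, malformed) decrypted records built from constructed data."""
    good = tls_pad(b"Cookie: sid=EXAMPLE!")  # stand-in for data + MAC
    pad_len = good[-1]
    # Same length byte, but the padding bytes are no longer uniform.
    bad = good[:-(pad_len + 1)] + bytes(range(pad_len)) + bytes([pad_len])
    return good, bad

def decoder_skips_padding_check(check) -> bool:
    """True if `check` accepts a record whose padding bytes are not uniform."""
    good, bad = sample_records()
    return check(good) and check(bad)

if __name__ == "__main__":
    for name, fn in (("SSLv3-style", sslv3_style_check), ("TLS", tls_check)):
        print(f"{name} decoder skips padding check: {decoder_skips_padding_check(fn)}")
```

Both validators accept the well-formed record, which is why an SSLv3-style decoder causes no problems in normal operation; only the TLS rule rejects the record with altered padding bytes.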

Threat Mitigation

F5 Networks, on their part, have already released patches for this vulnerability, and A10 should be releasing updates today.

Qualys notes that, if you want to be sure for yourself, you should take the following steps.

  • Check your web site using the SSL Labs test,
  • If vulnerable, apply the patch provided by your vendor.

For the F5 Networks support page regarding this vulnerability, visit here.
