POODLE – Wikipedia

This article is about the security vulnerability. For the dog breed, see Poodle.

POODLE
CVE identifier(s): CVE-2014-3566
Date discovered: October 14, 2014
Discoverer: Bodo Möller, Thai Duong, Krzysztof Kotowicz (Google Security Team)
Affected software: Any software that supports a fallback to SSL 3.0

POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0. [1] [2] [3] If attackers successfully exploit this vulnerability, on average they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. The reason is that SSL 3.0's CBC padding is not covered by the MAC and only its final length byte is checked: an attacker who can place chosen bytes around a secret (for example through JavaScript running in the victim's browser) and who replaces the final ciphertext block with the block holding the secret byte learns that byte whenever the server accepts the record, which happens with probability 1/256. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014 (despite the paper being dated "September 2014" [1]). [4] On December 8, 2014 a variant of the POODLE vulnerability that affected TLS was announced. [5] The CVE-ID associated with the original POODLE attack is CVE-2014-3566. F5 Networks filed for CVE-2014-8730 as well; see the section POODLE attack against TLS below.

Prevention

To mitigate the POODLE attack, one approach is to completely disable SSL 3.0 on the client side and the server side. However, some old clients and servers do not support TLS 1.0 and above. Thus, the authors of the paper on POODLE attacks also encourage browser and server implementation of TLS_FALLBACK_SCSV, [6] which prevents downgrade attacks when both the client and the server support it. [1] [7] Another mitigation is to implement "anti-POODLE record splitting". It splits the records into several parts and ensures none of them can be attacked. However, the problem with the splitting is that, though valid according to the specification, it may also cause compatibility issues due to problems in server-side implementations. [8] A full list of browser versions and levels of vulnerability to different attacks (including POODLE) can be found in the article Transport Layer Security.

Opera 25 implemented this mitigation in addition to TLS_FALLBACK_SCSV. [9] Google's Chrome browser and their servers had already supported TLS_FALLBACK_SCSV. Google stated in October 2014 that it was planning to remove SSL 3.0 support from their products completely within a few months. [7] Fallback to SSL 3.0 was disabled in Chrome 39, released in November 2014. [10] SSL 3.0 was disabled by default in Chrome 40, released in January 2015. [11]
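The downgrade dance and the TLS_FALLBACK_SCSV check, as an added example; this is not code from the article or from any browser or server project. The handshake below is a toy model (messages are dicts, versions are tuples), but the signalling value TLS_FALLBACK_SCSV = 0x5600 and the alert inappropriate_fallback (86) are the real ones from RFC 7507. The attacker simply drops every ClientHello above SSL 3.0, which the pre-2015 browser fallback loop cannot tell apart from a flaky network.

```python
"""Downgrade dance with and without TLS_FALLBACK_SCSV (RFC 7507).

Added example, not the article's or any project's code.  Toy handshake model:
a ClientHello is a dict with the offered version and cipher-suite list; the
server answers with the negotiated version or an alert.
"""
TLS_FALLBACK_SCSV = 0x5600     # real signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86    # real TLS alert description, RFC 7507
AES128_SHA = 0x002F            # a real suite standing in for the full offered list

SSL30, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
NAMES = {SSL30: "SSL 3.0", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}


def server_hello(client_hello, server_max=TLS12, scsv_support=True):
    """Server side.  Normally negotiate min(offered, server_max).  A server that
    implements the SCSV aborts when the ClientHello carries it but offers a
    version below the server's maximum: the client retried lower for no reason,
    so something in between must have interfered."""
    offered = client_hello["version"]
    if scsv_support and TLS_FALLBACK_SCSV in client_hello["cipher_suites"] and offered < server_max:
        return {"alert": INAPPROPRIATE_FALLBACK}
    return {"version": min(offered, server_max)}


def mitm_drop(client_hello):
    """Attacker: every handshake above SSL 3.0 looks like a network failure."""
    return client_hello["version"] > SSL30


def no_attacker(client_hello):
    return False


def browser_connect(server, attacker_drops, send_scsv, versions=(TLS12, TLS11, TLS10, SSL30)):
    """Client side: the fallback loop.  On a failed handshake, retry with the
    next lower version.  With send_scsv, every retry is flagged with the SCSV.
    Returns (negotiated version or None, transcript of the exchange)."""
    transcript = []
    for i, version in enumerate(versions):
        suites = [AES128_SHA]
        if send_scsv and i > 0:
            suites.append(TLS_FALLBACK_SCSV)
        hello = {"version": version, "cipher_suites": suites}
        if attacker_drops(hello):
            transcript.append(f"ClientHello {NAMES[version]} -> dropped")
            continue
        resp = server(hello)
        if "alert" in resp:
            transcript.append(f"ClientHello {NAMES[version]} + SCSV -> alert inappropriate_fallback")
            return None, transcript
        transcript.append(f"ClientHello {NAMES[version]} -> ServerHello {NAMES[resp['version']]}")
        return resp["version"], transcript
    return None, transcript


if __name__ == "__main__":
    cases = {
        "no SCSV, attacker present": (server_hello, mitm_drop, False),
        "SCSV, attacker present": (server_hello, mitm_drop, True),
        "SCSV, server ignores it": (lambda h: server_hello(h, scsv_support=False), mitm_drop, True),
        "SCSV, no attacker, old server": (lambda h: server_hello(h, server_max=TLS10), no_attacker, True),
    }
    for name, (srv, atk, scsv) in cases.items():
        version, transcript = browser_connect(srv, atk, scsv)
        print(f"{name}: {'failed' if version is None else NAMES[version]}")
        for line in transcript:
            print("   ", line)
```

The third case is the caveat the article's wording hides: the SCSV only helps when both sides implement it. A server that ignores the unknown suite negotiates SSL 3.0 exactly as before, which is why the browser vendors listed above also removed the fallback itself rather than relying on the signal alone. Against a live server, `openssl s_client -connect host:443 -tls1 -fallback_scsv` (OpenSSL 1.0.1j or later) sends the same signal and should be answered with an inappropriate_fallback alert by any server that supports a higher version.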

Mozilla disabled SSL 3.0 in Firefox 34 and ESR 31.3, which were released in December 2014, and added support for TLS_FALLBACK_SCSV in Firefox 35. [12] Microsoft published a security advisory to explain how to disable SSL 3.0 in Internet Explorer and Windows OS, [13] and on October 29, 2014, Microsoft released a fix which disables SSL 3.0 in Internet Explorer on Windows Vista / Server 2003 and above and announced a plan to disable SSL 3.0 by default in their products and services within a few months. [14] Microsoft disabled fallback to SSL 3.0 in Internet Explorer 11 for Protected Mode sites on February 10, 2015, [15] and for other sites on April 14, 2015. [16] Apple's Safari (on OS X 10.8, iOS 8.1 and later) mitigated against POODLE by removing support for all CBC protocols in SSL 3.0; [17] [18] however, this left RC4, which is also completely broken by the RC4 attacks in SSL 3.0. [citation needed] POODLE was completely mitigated in OS X 10.11 (El Capitan, 2015) and iOS 9 (2015).

To prevent the POODLE attack, some web services dropped support of SSL 3.0. Examples include CloudFlare [19] and Wikimedia. [20] Network Security Services versions 3.17.1 (released on October 3, 2014) and 3.16.2.3 (released on October 27, 2014) introduced support for TLS_FALLBACK_SCSV, [21] [22] and NSS will disable SSL 3.0 by default in April 2015. [23] [needs update] OpenSSL versions 1.0.1j, 1.0.0o and 0.9.8zc, released on October 15, 2014, introduced support for TLS_FALLBACK_SCSV. [24] LibreSSL version 2.1.1, released on October 16, 2014, disabled SSL 3.0 by default. [25]

POODLE attack against TLS

A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC encryption mode in the TLS 1.0 – 1.2 protocols. Even though the TLS specifications require servers to check the padding (every padding byte must equal the padding-length byte), some implementations fail to validate it properly, which makes some servers vulnerable to POODLE even if they disable SSL 3.0. [5] SSL Pulse showed "about 10% of the servers are vulnerable to the POODLE attack against TLS" before this vulnerability was announced. [26] The CVE-ID for F5 Networks' implementation bug is CVE-2014-8730. The entry in NIST's NVD states that this CVE-ID is to be used only for F5 Networks' implementation of TLS, and that other vendors whose products have the same failure to validate the padding in their implementations, like A10 Networks and Cisco Systems, need to issue their own CVE-IDs for their implementation errors, because this is not a flaw in the protocol but in the implementation. The POODLE attack against TLS was found to be easier to initiate than the original POODLE attack against SSL. There is no need to downgrade clients to SSL 3.0, meaning fewer steps are needed to execute a successful attack. [27]
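The padding oracle behind both the SSL 3.0 attack described in the introduction and the TLS variant described here, as an added example; it is not code from the article, from the paper's authors or from any affected vendor. Everything runs in one process and is constructed for the demo: a toy Feistel cipher stands in for AES (the attack needs only CBC mode and a lax padding check, never a weak cipher), HMAC-SHA1 stands in for the record MAC, each record gets a fresh explicit IV, and the attacker is assumed to know the secret's length and to control the lengths of the bytes before and after it, which is what the paper's JavaScript-in-the-browser setting provides. The same attacker code is run against two padding checks: the SSL 3.0 one (which the broken TLS stacks of CVE-2014-8730 effectively reproduced) and a correct TLS check.

```python
"""POODLE padding-oracle simulation: SSL 3.0 records and the TLS variant.

Added example, not the article's, the paper's authors' or any vendor's code.
Constructed for the demo: toy Feistel block cipher, HMAC-SHA1 record MAC,
explicit per-record IV, and the secret cookie the attacker recovers.
"""
import hashlib
import hmac
import os

BLOCK = 16    # block size of the toy cipher (same as AES)
MAC_LEN = 20  # SHA-1 based record MAC length in SSL 3.0 / TLS


def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    """Toy 4-round Feistel permutation on 16-byte blocks; stand-in for AES."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, i, l))), l
    return l + r


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_record(enc_key, mac_key, payload):
    """MAC-then-pad-then-encrypt.  Padding is pad_len+1 bytes all equal to
    pad_len, which is valid for both SSL 3.0 and TLS.  blocks[0] is the IV."""
    body = payload + hmac.new(mac_key, payload, hashlib.sha1).digest()
    pad_len = BLOCK - 1 - len(body) % BLOCK              # 0..15
    body += bytes([pad_len]) * (pad_len + 1)
    blocks = [os.urandom(BLOCK)]
    for i in range(0, len(body), BLOCK):
        blocks.append(block_encrypt(enc_key, xor(body[i:i + BLOCK], blocks[-1])))
    return blocks


def padding_ok_ssl3(plain):
    """SSL 3.0 (and the broken TLS stacks): only the length byte is checked."""
    return plain[-1] < BLOCK


def padding_ok_tls(plain):
    """TLS 1.0-1.2 as specified: every padding byte must equal the length byte."""
    n = plain[-1]
    return n < len(plain) and all(b == n for b in plain[-n - 1:])


def server_accepts(enc_key, mac_key, blocks, padding_ok):
    """The oracle: CBC-decrypt, validate padding, strip it, then check the MAC."""
    plain = b"".join(xor(block_decrypt(enc_key, c), p) for p, c in zip(blocks, blocks[1:]))
    if not padding_ok(plain):
        return False
    body = plain[:len(plain) - plain[-1] - 1]
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, hmac.new(mac_key, payload, hashlib.sha1).digest())


def poodle_recover(enc_key, mac_key, secret, padding_ok, budget=100_000):
    """Attacker: knows len(secret), chooses the request prefix/suffix lengths
    (path and POST body in the browser setting), and replays modified records.
    Returns (recovered bytes, number of requests used)."""
    client = lambda p, s: encrypt_record(enc_key, mac_key, b"A" * p + secret + b"B" * s)
    recovered, requests = bytearray(), 0
    for j in range(len(secret)):
        prefix = (BLOCK - 1 - j) % BLOCK                    # secret[j] last in its block
        suffix = -(prefix + len(secret) + MAC_LEN) % BLOCK  # forces a full padding block
        target = 1 + (prefix + j) // BLOCK                  # +1 because blocks[0] is the IV
        found = False
        while requests < budget:
            blocks = client(prefix, suffix)
            requests += 1
            forged = blocks[:-1] + [blocks[target]]         # target block into the pad slot
            if server_accepts(enc_key, mac_key, forged, padding_ok):
                # Accepted, so the decrypted last byte is BLOCK-1, and it equals
                # P_target[-1] ^ C[target-1][-1] ^ C[-2][-1]; solve for the secret byte.
                recovered.append((BLOCK - 1) ^ blocks[target - 1][-1] ^ blocks[-2][-1])
                found = True
                break
        if not found:
            break
    return bytes(recovered), requests


if __name__ == "__main__":
    ek, mk = os.urandom(16), os.urandom(16)
    cookie = b"SESSION=42"
    got, n = poodle_recover(ek, mk, cookie, padding_ok_ssl3)
    print(f"SSL 3.0 padding check: recovered {got!r} with {n} requests ({n / len(cookie):.0f} per byte)")
    got, n = poodle_recover(ek, mk, cookie, padding_ok_tls, budget=5_000)
    print(f"strict TLS padding check: recovered {got!r} after {n} requests")
```

With the SSL 3.0 check the run averages the 256 requests per byte quoted in the introduction; with the strict TLS check the forged record is accepted only if all sixteen decrypted bytes equal 0x0F, so the oracle never fires and the budget runs out with nothing recovered. A TLS stack that checks only the final byte, as in the CVE-2014-8730 class of bugs, behaves exactly like padding_ok_ssl3 here, which is why no SSL 3.0 downgrade is needed for that variant.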
