Google Inc announced on its blog that three of its security researchers have discovered a critical security bug in the design of the SSL 3.0 web encryption protocol that could allow an attacker to steal data and take over accounts for email and other services. The bug is dubbed the “POODLE” attack, and CVE-2014-3566 has been allocated for this protocol vulnerability.
It was the third time in the same year that security researchers had discovered a critical bug in widely used web encryption technology, following April’s “Heartbleed” vulnerability in OpenSSL and the “Shellshock” bug in Bash, the Unix shell.
Security researchers said that attackers could steal browser “cookies” in “POODLE” attacks, taking control of email, banking and social networking accounts. Tal Klein, vice president at the cloud security firm Adallom, said:
“If the Threat Level of Shellshock and Heartbleed is 10, then Poodle is more likely a 5 or a 6.”
What is SSL 3.0?
SSL 3.0 is an obsolete and insecure protocol used for web encryption. SSL 3.0 is 15 years old, but support for it remains widespread. For most purposes it has been replaced by its successors TLS 1.0, TLS 1.1 and TLS 1.2; however, SSL 3.0 is still widely used to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used.
“However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant, since many clients implement a protocol downgrade dance to work around server-side interoperability bugs. In this security advisory, we discuss how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0,” reads the advisory.
POODLE Attack (Padding Oracle On Downgraded Legacy Encryption)
A POODLE attack (Padding Oracle On Downgraded Legacy Encryption) allows an attacker to steal “secure” HTTP cookies (or other bearer tokens such as HTTP Authorization header contents). The bug lies in SSL 3.0, which is rarely used these days; however, when a connection attempt fails, which an attacker can cause, browsers that support newer protocols will also retry with older protocol versions, including SSL 3.0.
To work with legacy servers, many TLS clients implement a downgrade dance: in a first handshake attempt, offer the highest protocol version supported by the client; if this handshake fails, retry with earlier protocol versions. Unlike proper protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers. So if an attacker that controls the network between the client and the server interferes with any attempted handshake offering TLS 1.0 or later, such clients will readily confine themselves to SSL 3.0.
Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate the issue but can cause significant compatibility problems, said Google.
A more durable fix is to add support for TLS_FALLBACK_SCSV, which lets a client mark a handshake that it is retrying with an older protocol version after a failed connection, so that a server supporting a newer version can refuse the downgraded handshake and the browser is not pushed onto SSL 3.0. Because it also prevents downgrades from TLS 1.2 to 1.1 or 1.0, it may help prevent future attacks.
Google’s servers and Google Chrome have supported TLS_FALLBACK_SCSV since February, and it can be used without compatibility issues. However, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0; this may break some sites, and those sites will need to be updated quickly.
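To make the downgrade dance and the TLS_FALLBACK_SCSV fix concrete, here is an added example that is not part of the original article and not Google's or Chrome's code: a toy model of one client, one server and an on-path attacker. Protocol versions are the wire values, the cipher suite value 0x5600 and the `inappropriate_fallback` alert (86) are the ones defined for TLS_FALLBACK_SCSV in RFC 7507, and the `Server`, `Network` and `scenario` names are this example's own. It shows the attacker forcing an SSL 3.0 session when the client retries without the signal, the server refusing that retry once both sides use the signal, and the signal leaving a genuinely old or version-intolerant server reachable, which is the compatibility point the article makes.

```python
"""Simulate the TLS 'downgrade dance' and the TLS_FALLBACK_SCSV (RFC 7507) fix.

Added example, not from the original article or from Google/Chrome.
"""
from dataclasses import dataclass

SSL3, TLS1_0, TLS1_1, TLS1_2 = 0x0300, 0x0301, 0x0302, 0x0303
NAMES = {SSL3: "SSL 3.0", TLS1_0: "TLS 1.0", TLS1_1: "TLS 1.1", TLS1_2: "TLS 1.2"}
TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86         # alert description, RFC 7507


@dataclass
class ClientHello:
    version: int
    cipher_suites: list


@dataclass
class ServerHello:
    version: int


@dataclass
class Alert:
    description: int


class Server:
    """max_version: highest version supported. knows_scsv: implements RFC 7507.
    intolerant: legacy bug that drops any hello above max_version instead of
    negotiating down (the bug the downgrade dance was invented for)."""

    def __init__(self, max_version, knows_scsv=True, intolerant=False):
        self.max_version, self.knows_scsv, self.intolerant = max_version, knows_scsv, intolerant
        self.log = []

    def handle(self, hello):
        if self.intolerant and hello.version > self.max_version:
            self.log.append(f"dropped {NAMES[hello.version]} hello (version intolerance)")
            return None
        if (self.knows_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites
                and hello.version < self.max_version):
            # A fallback retry at a version below what we support means an earlier,
            # higher-version handshake was lost: a glitch or an attacker. Refuse.
            self.log.append(f"refused fallback to {NAMES[hello.version]}: inappropriate_fallback")
            return Alert(INAPPROPRIATE_FALLBACK)
        return ServerHello(min(hello.version, self.max_version))


class Network:
    """Path between client and server. An active attacker drops every handshake
    that offers anything above SSL 3.0, so the client keeps retrying lower."""

    def __init__(self, server, attacker_active=False):
        self.server, self.attacker_active = server, attacker_active

    def send(self, hello):
        if self.attacker_active and hello.version > SSL3:
            return None                      # looks like a failed connection to the client
        return self.server.handle(hello)


def downgrade_dance(network, versions=(TLS1_2, TLS1_1, TLS1_0, SSL3),
                    use_scsv=False, suites=(0x002F,)):
    """Client side: offer the highest version first, retry lower on failure.
    Returns the negotiated version, or None if the client gave up or was refused."""
    for attempt, version in enumerate(versions):
        offered = list(suites)
        if use_scsv and attempt > 0:
            offered.append(TLS_FALLBACK_SCSV)  # mark this hello as a fallback retry
        reply = network.send(ClientHello(version, offered))
        if reply is None:
            continue                         # glitch, intolerant server or attacker: retry lower
        if isinstance(reply, Alert):
            return None                      # server refused the downgrade: abort, do not go lower
        return reply.version
    return None


def scenario(server_max, attacker_active, use_scsv, knows_scsv=True, intolerant=False):
    server = Server(server_max, knows_scsv, intolerant)
    return downgrade_dance(Network(server, attacker_active), use_scsv=use_scsv)


if __name__ == "__main__":
    cases = [
        ("modern server, no attacker", scenario(TLS1_2, False, False)),
        ("modern server, attacker, client without SCSV", scenario(TLS1_2, True, False)),
        ("modern server, attacker, both sides use SCSV", scenario(TLS1_2, True, True)),
        ("server ignores SCSV, attacker", scenario(TLS1_0, True, True, knows_scsv=False)),
        ("version-intolerant TLS 1.0 server, client uses SCSV", scenario(TLS1_0, False, True, intolerant=True)),
    ]
    for label, result in cases:
        print(f"{label}: {'aborted' if result is None else NAMES[result]}")
```

The third and fourth cases are the practical lesson: the signal only helps when the server implements it too, which is why the article's mitigation is a combination of SCSV on both ends and, where possible, turning SSL 3.0 off outright.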
Google said it will completely remove support for SSL 3.0 from its client products in the coming months.