Category: CommunityIs POODLE A Storm In A Teacup?

Share this post...Tweet about this on TwitterShare on Google+0Share on Facebook0

POODLE is the latest in long line of security panics that have hit the headlines in 2014. Once the reserve of specialist publications, vulnerabilities now routinely make their way into the mainstream media, often shorn of nuance and context. There’s no doubt that Heartbleed and Shellshock were critically serious vulnerabilities and both were relatively easy to exploit, but can the same be said of POODLE.

POODLE, a silly name derived from a tenuous acronym (Padding Oracle On Downgraded Legacy Encryption), in theory allows for an attacker to view the plaintext content of a supposedly secure SSL connection.

It relies on two flaws, one in the implementation of SSL 3.0 and one in the way browsers handle SSL negotiations.

SSL 3.0 using the cipher block chaining algorithm pads the final block of its input with extra bytes because it works with blocks of a fixed length. It is possible for an attacker to manipulate the encryption and decryption process and influence what appears in the padding bytes, and, because of the way the server reacts to the contents of the padding, the attacker is able to discover its contents. If you want to understand the full details take a look at this StackExchange article.

All of which would be fine and well if browsers didn’t use what has long been known to be a flawed encryption method. Unfortunately, in an effort to accommodate servers that should have long ago been updated, browsers will attempt to use a more modern version of SSL, but will allow an older version to be used if that’s all the server supports. It’s not difficult to trick a browser into using a lesser protocol with a man-in-the-middle attack, so the attacker simply has to force the browser to use the vulnerable SSL 3.0 and they can read the contents of the connection.

Except it isn’t that easy. To use POODLE in the wild the attacker needs to:

  • Trick a user into connecting to a rogue WiFi
  • Modify the communication coming from the server to the browser to trick it into using SSL 3.0.
  • Inject code into the browser that will cause it to send crafted data that leverages the padding vulnerability.
  • Repeat several hundred times (at least) because each request can only reveal one byte of the required information (usually an authentication cookie)

There’s no doubt that SSL 3.0 shouldn’t be used any more. And there’s no doubt that allowing browsers to downgrade protocols to SSL 3.0 is a mistake (and the advised fix solves the problem by cleverly circumventing the downgrade to SSL 3.0). But it’s not clear how the attack would work in practice: it depends on the ability to inject JavaScript into the page of a secure site like a banking site, which can be done, but if it is then there’s no need to use POODLE because JavaScript that runs within the context of the secure page can already access that page’s cookies. The attacker could use side channel leakage to get that information. If you can carry out the POODLE attack, you don’t need to carry out the POODLE attack.

In conclusion, POODLE is a theoretical vulnerability, worked out from a protocol weakness rather than observed in the wild, and it is unlikely to result in real life exploits.

Image: Flickr/dakiny

Oct 24, 2014, 3:00 pmBy: Corey Northcutt (0) Comments

Leave a Reply
Surround code blocks with <pre>code</pre>

Your email address will not be published.


Sign up to receive periodic InterWorx news, updates and promos!

New Comments

Current Poll

  • This field is for validation purposes and should be left unchanged.