POODLE May Still be off the Leash with Certain TLS Conditions

poodle 2The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability was initially disclosed as a weakness in the Secure Sockets Layer (SSL) 3.0 protocol. This vulnerability permits data within “secure” communications between a user and an SSL-enabled website to be decrypted under certain conditions. Successful attacks could disclose sensitive information, such as the victim’s session cookies, which could in-turn be used to hijack the victim’s application session.

The Transport Layer Security (TLS) protocol supplants SSL and corrects the underlying flaw that’s present in the legacy protocol. However, several vendors’ TLS implementations do not properly implement the TLS specification and are consequently susceptible to the same attack.

Fortunately, such a scenario affects neither native Microsoft TLS implementations nor OpenSSL (which constitutes the majority of non-native Microsoft TLS implementations). Adam Langley identified and documented this issue on his ImperialViolet blog, and at this time, F5 Networks, A10 Networks, and IBM (IBM HTTP Server and other IBM servers) have issued security advisories and corresponding patches for remediation.

Other TLS implementations may also be vulnerable, but future disclosures will likely be increasingly obscure. Qualys’ SSL Server Test has been updated to test for the TLS variant of this vulnerability and can be used to perform an analysis of questionable TLS-enabled services.

The current SSL Pulse Report (December 6, 2014), which is also the first to include data pertaining to TLS POODLE checks, shows that just over 10% of the services analyzed are vulnerable. While that figure is significant, it is also unsurprising, when F5’s market share is taken into consideration. This figure will hopefully decrease quickly as awareness spreads and vendors’ patches are applied.

Qualys notes that, “A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical.” However, the referenced practicality is still dependent upon specific conditions being met in advance, namely the ability of an attacker to both inject JavaScript into the target web application and capture network communications between the victim and target application.

While that scenario isn’t unheard of, the overall exposure is significantly less than a remotely exploitable vulnerability such as Heartbleed. The greatest exposure for real-world attacks is over public, untrusted networks. Free public WiFi networks are obvious examples of locations where this attack could occur. Users can defend themselves by tunneling their traffic through a VPN in these cases.

But, attacks originating from facilities that manage Internet backbones and target communications that must traverse the Internet would be far more insidious. In these cases, users must ensure they’re using a recent browser that completely mitigates the SSLv3 attack vector and validate that the remote service is not vulnerable to the TLS-based variants of this vulnerability.

In conclusion, the state of SSL/TLS-based security remains in a precarious state as 2014 draws to a close. This year has been particularly brutal to these technologies, with critical flaws being discovered everywhere from specific vendor implementations, to common development libraries, and the protocols themselves.

The most recent SSL Pulse data was also the first to show TLS1.2 breaking the 50% adoption rate (50.1% to be exact — up from 48.1% in early November). This is an important milestone because TLS1.2 currently provides the only unbroken cryptographic configuration, as noted by Adam Langley, but it also demonstrates that there is still a very long road ahead.

About GuidePoint Security

GuidePoint Security, LLC provides customized, innovative and valuable Information Security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Reston, Virginia, and with offices in Michigan, New Hampshire, Florida and North Carolina, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.