The security community recently identified a new vulnerability in the SSLv3 protocol, known as POODLE (Padding Oracle On Downgraded Legacy Encryption). This article helps you understand POODLE and the steps you should take to protect your systems.
Recently, researchers uncovered a security flaw in a widely used encryption technology called SSLv3 (Secure Sockets Layer version 3). SSLv3 was utilized by web browsers and similar software for many years and was designed to protect data from being intercepted or modified as it is sent across the internet. The successor to SSL is Transport Layer Security (TLS) which is supported by the majority of modern browsers. The SSLv3 vulnerability may be referred to as “POODLE”, which is the name given to it by researchers and the media.
How about your browser?
It’s important to understand that only the older SSLv3 protocol is vulnerable. Most modern browsers support protocols other than SSLv3, so unless you are using Internet Explorer 6 (IE 6), you’re in good shape. If you are using IE 6, we strongly recommend that you upgrade to Internet Explorer 7 (or above) or choose an alternative browser, such as Firefox, Opera or Chrome.
Use this third-party service to check your browser for vulnerability: https://www.poodletest.com/
If you remain on IE 6, keep in mind that IE 6 is NOT SUPPORTED and you will experience problems:
- From any LogMeIn website, you will receive the following message: “Internet Explorer cannot display the webpage”
- When attempting to use the LogMeIn Client, you will be unable to login or connect
But there’s a slight catch…
Even modern browsers are sometimes set to work around interoperability bugs in older servers by connecting using a downgraded protocol. Even when both sides of the connection support higher, more secure protocols, an active man-in-the-middle POODLE attack can utilize the one-sided weakness and downgrade the connection to SSLv3 and exploit the protocol’s vulnerability to gain access to the encrypted connection.
And a solution!
If either side of the connection explicitly disallows SSLv3 then the vulnerability cannot be exploited.
- As a browser user, it’s best to disable SSLv3 in your browser. This will actually be done for you in the next versions of most popular browsers, such as Firefox and Chrome.
- As someone running a webserver (like LogMeIn), the best thing to do is totally disable SSLv3 on the server side. And that’s just what LogMeIn will do. To ensure security of all users, we will disable SSLv3 support on our webservers starting today (20th October). The only small downside to this change is that anyone still using Internet Explorer 6 (which does not support the latest protocols) will no longer be able to communicate with any LogMeIn websites.
- Going above and beyond what’s needed to respond to POODLE, we will disable SSLv3 support on all other servers from in coming weeks. This will impact all older versions of LogMeIn products : After this update, only the versions listed below (or newer) will able to access LogMeIn services.
Addition detail about how POODLE works
POODLE represents a broad vulnerability that can potentially allow an attacker to gain access to the contents of encrypted communications. As discussed above, browsers are sometimes set to work around interoperability bugs in older servers by connecting using a downgraded protocol. By simulating a failure when establishing a connection to server, an adversary can trick a browser and server into renegotiating their connection via an older protocol (SSLv3). Since the POODLE vulnerability is inherent to the protocol itself, not the server, the problem cannot be patched out like ShellShock and HeartBleed.
On a day when system administrators were already taxed addressing several security updates released by Microsoft, Oracle, and Adobe, there is now word of a new security hole discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers—Bodo Moller, Thai Duong, and Krzysztof Kotowicz. They published a paper (.pdf) about it today.
POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.
To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using. This makes it less severe than an attack that can be conducted remotely against any computer on the Internet.
The attack works only on traffic sessions using SSLv3. Although this is an old protocol that has been replaced in many client and server configurations with TLS (Transport Layer Security), many browser clients and web servers that use TLS for connections still support SSLv3. Some products and browsers, like Internet Explorer 6 for Windows XP, only use SSLv3. There are also clients that support SSLv3 as an alternative to use whenever a TLS connection to a web server fails. An attacker could exploit this compatibility to downgrade a connection to SSLv3 and then conduct the POODLE attack to hijack your session.
Google’s security team has recommended that systems administrators simply turn off support for SSLv3 to avoid the problem. But this will mean that some users trying to connect securely to a web server using SSLv3 will have trouble connecting if they’re using a client that only supports this protocol.
“This attack is really against clients—you have to worry about it if you’re in a place like Starbucks,” says Rob Graham, CEO of Erratasec. “If you’re at home there’s probably no one man-in-the-middling you except the NSA. So as a home user, you don’t need to panic. As a server [administrator], you probably don’t need to panic if your customers are coming in over home connections. Only if they’re coming in over [something like] a Starbucks Wi-Fi.”
Heartbleed and Shellshock were vulnerabilities that allowed an attacker to hack a server. POODLE instead targets the clients.
“The fear of rushing to go fix this is very low because of that,” Graham says. “People with servers can’t get hacked, and people with [vulnerable] clients also can’t get hacked unless they’re on an open Wi-Fi.”