The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.
Impact
CVSS v2 Base Score: 4.3 (MEDIUM)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
At the time of disclosure, an estimated 97% of SSL web servers were likely to be vulnerable to POODLE. Like Heartbleed, POODLE is an information-disclosure bug rather than code injection: it exposes encrypted data to an attacker who can both observe and tamper with the connection. It relies on web servers and browsers that still allow the old SSL version 3 protocol to secure their communications. SSL 3.0 has been superseded by Transport Layer Security, but it is still widely supported on both servers and clients, and is still required for compatibility with Internet Explorer 6. Even a browser that prefers TLS is exposed, because an active attacker can break its TLS handshakes until it falls back to SSLv3. Unlike TLS 1.0 or newer, SSLv3 does not validate the contents of the CBC padding that accompanies each record: only the final padding-length byte is checked, and the padding bytes are not covered by the MAC. An attacker who can make the victim's browser send requests of chosen length (for example from JavaScript) can move a secret byte to the end of a cipher block, substitute that block for the padding block, and use the server's accept/reject response as an oracle. Each acceptance reveals one byte, at an average cost of 256 requests per byte, so a cookie or other secret can be extracted byte by byte.
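The following simulation of the attack described above is an added example and is not code from the original article. It assumes a toy Feistel block cipher in place of AES and HMAC-SHA1 in place of the SSLv3 MAC (both constructed stand-ins; only the record layout plaintext || MAC || padding and the padding check matter). The victim function models a browser that attacker JavaScript drives to send prefix || secret || suffix with chosen lengths; the oracle models a server that rejects bad records. Running the same attack against TLS-style strict padding checks shows why TLS 1.0+ is not exploitable this way.

```python
"""POODLE simulation: MAC-then-pad CBC records checked SSLv3-style (only the final
length byte is inspected). Stdlib only; the cipher and MAC are constructed stand-ins."""
import hashlib
import hmac
import secrets

BLOCK = 16     # block size in bytes; a full padding block is 15 pad bytes + length byte 0x0f
MAC_LEN = 20   # HMAC-SHA1 output length (stand-in for the SSLv3 MAC)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, rnd):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, block):
    """Toy 16-byte, 4-round Feistel cipher; any keyed bijection gives CBC the same structure."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, r, rnd))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, l, rnd)), l
    return l + r


def record_encrypt(key, mac_key, iv, plaintext, tls_padding=False):
    """MAC-then-pad-then-CBC. SSLv3 padding bytes are arbitrary (random here); TLS-style
    padding repeats the length byte so that the receiver can verify every pad byte."""
    data = plaintext + hmac.new(mac_key, plaintext, hashlib.sha1).digest()
    pad_len = BLOCK - 1 - len(data) % BLOCK                  # 0..15; 15 = a whole block of padding
    pad = bytes([pad_len]) * pad_len if tls_padding else secrets.token_bytes(pad_len)
    data += pad + bytes([pad_len])
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out


def record_decrypt(key, mac_key, iv, ciphertext, tls_padding=False):
    """Return the plaintext, or None for a bad record (the server would send an alert).
    tls_padding=False is SSLv3: pad bytes are never inspected. True is TLS 1.0+."""
    data, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        data += _xor(block_decrypt(key, c), prev)
        prev = c
    pad_len = data[-1]
    if pad_len >= BLOCK or len(data) < pad_len + 1 + MAC_LEN:
        return None
    if tls_padding and data[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return None
    body = data[:-(pad_len + 1)]
    plaintext, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(mac_key, plaintext, hashlib.sha1).digest()):
        return None
    return plaintext


def poodle_recover(secret_len, victim_request, oracle, max_requests=50000):
    """Recover the secret one byte at a time.
    victim_request(prefix_len, suffix_len) -> (iv, ciphertext) for prefix || secret || suffix.
    oracle(iv, ciphertext) -> True if the server accepted the (tampered) record."""
    recovered, requests = bytearray(), 0
    for j in range(secret_len):
        # Put secret[j] at the last byte of block k (k >= 1) and make plaintext+MAC a
        # multiple of BLOCK so the record ends with a full block of padding.
        prefix_len = (BLOCK - 1 - j) % BLOCK + BLOCK
        k = (prefix_len + j) // BLOCK
        suffix_len = -(prefix_len + secret_len + MAC_LEN) % BLOCK
        while True:
            iv, ct = victim_request(prefix_len, suffix_len)
            requests += 1
            if requests > max_requests:
                return None, requests
            blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
            tampered = ct[:-BLOCK] + blocks[k + 1]           # replace padding block with C_k
            if oracle(iv, tampered):
                # Accepted => D(C_k)[15] ^ C_{n-2}[15] == 15, and the real byte is
                # P_k[15] = D(C_k)[15] ^ C_{k-1}[15]; both ciphertext bytes are known.
                recovered.append((BLOCK - 1) ^ blocks[-2][-1] ^ blocks[k][-1])
                break
    return bytes(recovered), requests


def run_attack(secret=b"session=s3cr3t!!", strict_padding=False, max_requests=50000):
    """Wire a victim and a server around one session key and run the attack."""
    key, mac_key = secrets.token_bytes(16), secrets.token_bytes(16)

    def victim_request(prefix_len, suffix_len):
        iv = secrets.token_bytes(BLOCK)                      # fresh IV per request (simplification)
        plaintext = b"A" * prefix_len + secret + b"B" * suffix_len
        return iv, record_encrypt(key, mac_key, iv, plaintext, tls_padding=strict_padding)

    def oracle(iv, ct):
        return record_decrypt(key, mac_key, iv, ct, tls_padding=strict_padding) is not None

    return poodle_recover(len(secret), victim_request, oracle, max_requests)


if __name__ == "__main__":
    print("SSLv3 oracle: recovered %r after %d requests" % run_attack())
    print("TLS-style padding: recovered %r after %d requests"
          % run_attack(b"ab", strict_padding=True, max_requests=2000))
```

With the SSLv3-style oracle the whole secret comes back after roughly 256 requests per byte; with the TLS-style check every padding byte of the substituted block would have to match, which never happens within the request budget, so the attack returns None.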
Your servers are vulnerable simply if they support SSLv3 (with a CBC cipher suite, which in practice is nearly always the case). There are several ways to check. From the command line, enumerate the protocols and cipher suites the server offers:
nmap -p 443 --script ssl-enum-ciphers <target>
If the output contains an SSLv3 section listing CBC cipher suites, the server is vulnerable.
Browser-side test pages check the client the same way: if the page shows a poodle, your browser will negotiate SSLv3 with a block (CBC) cipher and you may be vulnerable; if it shows a Springfield Terrier instead, your browser either does not support SSLv3 or only offers it with stream ciphers, which POODLE cannot exploit.
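The probe below is an added example, not code from the original article. It answers the one question that matters for the server check above: will the host complete an SSLv3 handshake with a CBC suite? It builds the SSLv3 ClientHello by hand because current OpenSSL and Python builds no longer speak SSLv3. The cipher-suite identifiers are the IANA-registered values; the host and port are supplied by the caller, and the sample ServerHello is a constructed fixture, not a capture. Rerun it after the server changes below to confirm the fix.

```python
"""Probe a host for SSLv3 support with a hand-built SSLv3 ClientHello (added example).
Only SSLv3 is offered, so any ServerHello means SSLv3 is enabled; the negotiated
cipher suite shows whether a CBC (block-cipher) suite, which POODLE needs, was chosen."""
import os
import socket
import struct
import sys

SSLV3 = b"\x03\x00"
# IANA-registered cipher suite IDs. POODLE needs a CBC suite; RC4 is a stream cipher.
CBC_SUITES = {
    0x000a: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xc013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xc014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
STREAM_SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA"}   # offer these alone for a second probe
ALERTS = {40: "handshake_failure", 70: "protocol_version"}


def build_client_hello(suites=tuple(CBC_SUITES)):
    """SSLv3 record (type 0x16) carrying a ClientHello with version 3.0 and no extensions."""
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    body = (SSLV3 + os.urandom(32) + b"\x00"              # client_version, random, empty session_id
            + struct.pack(">H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                                # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16" + SSLV3 + struct.pack(">H", len(handshake)) + handshake


def parse_server_response(data):
    """Classify the first record the server sent back: ("sslv3", suite) for an SSLv3
    ServerHello, ("alert", description), ("closed", None) or ("unknown", None)."""
    if len(data) < 5:
        return ("closed", None)
    ctype, length = data[0], struct.unpack(">H", data[3:5])[0]
    body = data[5:5 + length]
    if ctype == 0x15 and len(body) >= 2:                  # alert: level, description
        return ("alert", body[1])
    if ctype == 0x16 and len(body) >= 4 and body[0] == 0x02:   # handshake: ServerHello
        hs = body[4:]
        if len(hs) < 35 or hs[0:2] != SSLV3:
            return ("unknown", None)
        sid_len = hs[34]                                  # after 2-byte version + 32-byte random
        if len(hs) < 37 + sid_len:
            return ("unknown", None)
        return ("sslv3", struct.unpack(">H", hs[35 + sid_len:37 + sid_len])[0])
    return ("unknown", None)


def verdict(result):
    kind, value = result
    if kind == "sslv3" and value in CBC_SUITES:
        return "VULNERABLE: SSLv3 negotiated with %s" % CBC_SUITES[value]
    if kind == "sslv3":
        return "SSLv3 negotiated with non-CBC suite 0x%04x; disable SSLv3 anyway" % value
    if kind == "alert":
        return "SSLv3 rejected: alert %s" % ALERTS.get(value, value)
    return "SSLv3 not negotiated (%s)" % kind


def probe(host, port=443, timeout=5.0, suites=tuple(CBC_SUITES)):
    """Network probe (needs a reachable host): returns parse_server_response() of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(suites))
        data = b""
        try:
            while len(data) < 5 or len(data) < 5 + struct.unpack(">H", data[3:5])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
    return parse_server_response(data)


def sample_server_hello(suite=0x002f, version=SSLV3):
    """Constructed SSLv3 ServerHello record for offline checks (not a real capture)."""
    hs = version + bytes(32) + b"\x00" + struct.pack(">H", suite) + b"\x00"
    handshake = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16" + version + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(verdict(probe(sys.argv[1], port)))
```

A server that has SSLv3 disabled typically answers with a handshake_failure or protocol_version alert, or simply closes the connection; either result is the outcome you want after applying the configuration changes below.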
- Check to see if SSL 3.0 is disabled on your browser (for example, in Internet Explorer it is under Internet Options, Advanced Settings).
- Avoid MITM attacks by making sure “HTTPS” is always on the websites you visit.
- Monitor any notices from the vendors you use regarding recommendations to update software or passwords.
- Avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain.
The easiest and most robust solution to POODLE is to disable SSLv3 support on your server.
To disable SSLv3 on an Apache server, set the following both in the global SSL configuration and explicitly in every SSL-enabled virtual host, since an SSLProtocol directive inside a virtual host overrides the global one:
SSLProtocol All -SSLv2 -SSLv3
This keeps support for TLSv1.0, TLSv1.1 and TLSv1.2 but explicitly removes SSLv2 and SSLv3. Check the configuration (apachectl configtest) and then restart Apache:
sudo service apache2 restart
Disabling SSLv3 support on Nginx is just as easy. In the http block, or in each server block that terminates TLS, set:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
As with the Apache configuration above, this gives TLSv1.0+ support and no SSLv2 or SSLv3. Check the configuration and restart:
sudo nginx -t
sudo service nginx restart
On Windows servers, disabling SSLv3 involves registry changes followed by a server reboot: create or modify the registry DWORD value that disables the SSL 3.0 server-side protocol, then reboot so the change takes effect, and confirm with the scan above that SSLv3 is no longer offered.