Google researchers have uncovered a vulnerability in the design of the widely used SSL version 3.0 that allows an attacker to intercept plaintext data from secure connections, putting quite literally millions of browsers in jeopardy.
Researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz devised a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack that exploits the flaw, which Kaspersky Lab security expert Sergey Lozhkin said “allows an attacker to decrypt data transmitted between a user and a website if a vulnerable version of the protocol is in use.”
Since the protocol is so popular, exploitation of the vulnerability “could expose private data, but only if an attacker successfully performed a complicated Man-in-the-Middle (MitM) attack,” Lozhkin said in a statement emailed to SCMagazine.com.
The MitM attack forces “a downgrade to SSL 3.0, an older protocol which the attacker can then exploit,” Jean Taggart, senior security researcher at Malwarebytes Labs, said in a statement emailed to SCMagazine.com. “This is known as a cypher suite rollback attack and allows communications to be intercepted.”
Lozhkin noted that generally, that type of attack “is far from simple, except when connections between the user and the Web are unprotected,” pointing to “internet connections via public Wi-Fi without password protection” as a fertile ground for attackers to “readily launch MitM attacks on ordinary users.”
While saying that POODLE “may not be as bad as Shellshock or Heartbleed” and rating the vulnerability as a “medium threat” in a Wednesday email correspondence with SCMagazine.com, Taggart explained that “anything which can cause supposedly secure data to be intercepted should be taken seriously.”
In a blog post linking to the details given in an earlier security advisory, Möller said that while disabling support for the nearly 18-year-old SSL 3.0 “is sufficient to mitigate this issue,” it does, in fact, raise “significant compatibility problems.” Instead, he recommended supporting TLS_FALLBACK_SCSV, “which solves the problems caused by retrying failed connections” and “prevents attackers from inducing browsers to use” the aging protocol, as well as downgrades from TLS 1.2 to 1.1 or 1.0, which “may help prevent future attacks.”
Google Chrome expert Adam Langley, in a blog post, encouraged users to implement the fallback mechanism. “It doesn’t just protect against this specific attack, it solves the fallback problem in general,” he wrote.
Möller noted in the blog that Google Chrome and the company’s servers have supported TLS_FALLBACK_SCSV since February, so the researchers “have good evidence that it can be used without compatibility problems.” In light of the flaw’s discovery, Google Chrome began testing changes “that disable the fallback to SSL 3.0,” wrote Möller. “This change will break some sites and those sites will need to be updated quickly.”
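As an added illustration (not code from the article, Google or the researchers), the following Python simulation of the browser fallback dance shows why TLS_FALLBACK_SCSV stops a forced downgrade to SSL 3.0 while still letting a client reach a genuinely old TLS 1.0 server; the version list, the ClientHello/Server objects and the handshake-dropping path are assumptions constructed for the example.

```python
"""Simulation of the TLS_FALLBACK_SCSV downgrade defence (constructed
illustration: the version list, the ClientHello/Server objects and the
handshake-dropping path are assumptions for this example, not real TLS)."""
from dataclasses import dataclass

# Versions in client preference order, highest first (constructed list).
VERSIONS = ["TLS1.2", "TLS1.1", "TLS1.0", "SSL3.0"]
RANK = {v: i for i, v in enumerate(VERSIONS)}  # smaller rank = newer

@dataclass
class ClientHello:
    version: str
    fallback_scsv: bool  # set only on a downgrade retry

@dataclass
class Server:
    max_version: str
    supports_scsv: bool

    def handle(self, hello):
        """Negotiate a version, or refuse a downgrade the SCSV reveals."""
        offered, best = RANK[hello.version], RANK[self.max_version]
        if self.supports_scsv and hello.fallback_scsv and offered > best:
            # Client can do better than it offers: someone forced the retry.
            return "alert:inappropriate_fallback"
        # Client offered something newer than we speak: settle on our maximum.
        return self.max_version if offered < best else hello.version

def drops_above(version):
    """Path that silently drops every ClientHello newer than `version`:
    a version-intolerant server/middlebox, or a MitM steering the client down."""
    return lambda hello: RANK[hello.version] >= RANK[version]

def connect(server, deliver=lambda hello: True, send_scsv=True):
    """Browser-style fallback: after a failed handshake, retry one version
    lower, marking each retry with TLS_FALLBACK_SCSV when send_scsv is set.
    Returns the negotiated version, or None if the client gives up safely."""
    for attempt, version in enumerate(VERSIONS):
        hello = ClientHello(version, fallback_scsv=send_scsv and attempt > 0)
        if not deliver(hello):
            continue  # no reply: legacy clients treat this as "try lower"
        result = server.handle(hello)
        return None if result.startswith("alert:") else result
    return None

if __name__ == "__main__":
    modern = Server("TLS1.2", supports_scsv=True)
    print("no SCSV, path drops TLS:", connect(modern, drops_above("SSL3.0"), False))
    print("SCSV, path drops TLS   :", connect(modern, drops_above("SSL3.0")))
    print("SCSV, real TLS1.0 server:", connect(Server("TLS1.0", True), drops_above("TLS1.0")))
```

Note that the signal only helps when both ends support it: a server that ignores the SCSV still ends up on SSL 3.0 in the simulation, which is why the article treats server-side support as part of the fix.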
To avoid falling prey to attackers exploiting POODLE, Lozhkin advised avoiding the use of public Wi-Fi hotspots “if you’re sending valuable information (using online banking, accessing social networks via a browser, etc.),” noting “this is always a risk, but the Poodle vulnerability makes it even more dangerous.”
And he recommended disabling “SSL v3 and all previous versions of the protocol in your browser settings. SSL v3 is 15 years old now and has been superseded by the more up-to-date and widely supported TLS protocol, supported by most modern web browsers.”
Added Taggart, “15 year old cypher suites should also be allowed to quietly go into the night.”