SSL V3 – POODLE Attacks


Vulnerability Description

This is an industry-wide vulnerability affecting the SSL V3 protocol.  An attacker can conduct a man-in-the-middle (MitM) attack to recover session cookies for previously authenticated sessions.  The attack exploits a weakness in the way SSL V3 handles CBC-mode block ciphers to decrypt portions of the encrypted traffic.

 

Exposure and Impact

An attacker who successfully exploited this vulnerability could decrypt portions of the encrypted traffic. For the attack to be successful, the client and server must both support SSL V3.

 

Remediation & Mitigation

VERT recommends disabling SSL V3 and CBC ciphers on servers and browsers.  If SSL V3 is required for legacy support, enabling TLS_FALLBACK_SCSV is suggested; however, the only surefire mitigation is to disable SSLv3.

 

Detection

Tripwire IP360 has the following coverage:

  • Tripwire ID 99086: CVE-2014-3566, SSLv3 POODLE Attack
  • Tripwire ID 99087: SSLv3 Enabled
  • Tripwire ID 99136: TLS Fallback Signaling Not Supported
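
How an "SSLv3 Enabled" style check can work at the wire level, as an added example that is not Tripwire's detection logic or part of the original advisory: it sends a ClientHello offering only SSL 3.0 and classifies the first record of the reply. The function names, result labels and the set of offered cipher suites are assumptions made for this sketch.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# Suites offered by the probe (IANA IDs); the selection is an assumption.
CBC_SUITES = {0x002F: "RSA_AES_128_CBC_SHA", 0x0035: "RSA_AES_256_CBC_SHA",
              0x000A: "RSA_3DES_EDE_CBC_SHA"}
OTHER_SUITES = {0x0005: "RSA_RC4_128_SHA"}

def build_client_hello():
    """One SSL 3.0 record carrying a ClientHello whose highest version is 3.0."""
    suites = b"".join(struct.pack(">H", s) for s in (*CBC_SUITES, *OTHER_SUITES))
    body = (SSL3 + os.urandom(32) + b"\x00"        # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify(record):
    """Label the first record a server returns to build_client_hello()."""
    if len(record) < 5:
        return "no-answer"
    if record[0] == 0x15:                          # alert record: hello was rejected
        return "sslv3-refused"
    try:
        # 5-byte record header, 4-byte handshake header, then the ServerHello body
        if record[0] != 0x16 or record[5] != 0x02 or record[9:11] != SSL3:
            return "unexpected"
        sid_len = record[43]                       # follows version (2) + random (32)
        (suite,) = struct.unpack_from(">H", record, 44 + sid_len)
    except (IndexError, struct.error):
        return "unexpected"
    return "sslv3-cbc" if suite in CBC_SUITES else "sslv3-non-cbc"

def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify whatever comes back."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass                                       # reset or timeout: keep partial data
    return classify(data)
```

A result of `sslv3-cbc` or `sslv3-non-cbc` means the server still negotiates SSL 3.0; `sslv3-cbc` is the combination this advisory describes.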

 

Tripwire Product Security

To review information regarding the impact of this vulnerability on Tripwire products, including patches and remediation guidance, please review this knowledgebase article in the Tripwire Customer Center.