What is POODLE?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption.
This SSL v3.0 vulnerability (CVE-2014-3566) allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory. The vulnerability was discovered by Google researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz.
What is the Exposure and Impact of this Vulnerability?
Any website that supports SSL v3.0 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, such web servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSL v3.0. This attack relies on browser behaviour called insecure fallback: when a connection attempt fails, the browser retries with lower versions of TLS or SSL.
An attacker who successfully exploited this vulnerability could decrypt portions of the encrypted traffic, such as the victim's session cookies, which could then be used to log in to webmail and other online accounts. For the POODLE attack to be successful, both the client and the server must support SSL v3.0.
How do you test whether SSL v3.0 is enabled on a web server?
Run the following command to determine whether SSLv3 is enabled on a server:
$ openssl s_client -connect localhost:443 -ssl3
To test a remote server, use that server's hostname instead of localhost.
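Many current OpenSSL builds are compiled without SSLv3 and reject the -ssl3 option outright, so the command above cannot always be run. The following Python script is an added example, not part of the original page: it performs the same check directly by sending a raw SSL 3.0 ClientHello and classifying the first record the server sends back, the way one would read the s_client output by hand. The cipher-suite offer list, the default host and the alert codes treated as "refused" are assumptions made for this example.

```python
import os
import socket
import struct

# Constructed offer list: CBC and RC4 suites a typical SSLv3 server would accept (IANA values).
SSLV3_CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0033, 0x0039, 0x0005]

# Alert descriptions that mean "the server will not speak this version".
ALERT_HANDSHAKE_FAILURE = 40
ALERT_PROTOCOL_VERSION = 70


def build_sslv3_client_hello(cipher_suites=SSLV3_CIPHER_SUITES, random=None):
    """Return one SSLv3 record carrying a ClientHello whose client_version is 3.0."""
    random = os.urandom(32) if random is None else random
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x00"                                   # client_version = SSL 3.0
        + random                                      # 32-byte ClientHello.random
        + b"\x00"                                     # empty session_id
        + struct.pack("!H", len(suites)) + suites     # cipher_suites vector
        + b"\x01\x00"                                 # compression_methods: null only
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    # Record header: content type 0x16 (handshake), record version 3.0, length
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake


def classify_server_response(data):
    """Map the server's first record to 'enabled', 'disabled' or 'unexpected'."""
    if not data:
        return "disabled"            # many servers simply close the connection
    content_type = data[0]
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: bytes 9-10 carry the version the server chose
        return "enabled" if data[9:11] == b"\x03\x00" else "unexpected"
    if content_type == 0x15 and len(data) >= 7:
        description = data[6]        # data[5] is the alert level
        if description in (ALERT_HANDSHAKE_FAILURE, ALERT_PROTOCOL_VERSION):
            return "disabled"
    return "unexpected"


def probe_sslv3(host, port=443, timeout=5.0):
    """Connect, send the SSLv3 ClientHello and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_server_response(data)


if __name__ == "__main__":
    import sys
    # Assumed target, matching the localhost used in the s_client command above.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(f"{host}: SSLv3 {probe_sslv3(host)}")
```

A result of "enabled" means the server completed version negotiation at 3.0 and should be remediated; "disabled" covers both an explicit handshake_failure or protocol_version alert and a silently closed connection, which is how many hardened servers respond. Anything else is worth inspecting by hand rather than trusting.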
How do you fix / remediate this SSL v3.0 vulnerability?
A quick fix is to disable SSL v3.0, or at least CBC-mode ciphers under SSL v3.0, on all clients and servers. Where legacy systems must be supported, it may not be possible to disable SSL v3.0 completely. As a long-term fix, Google recommends a new cipher suite value, the TLS Signaling Cipher Suite Value (SCSV). This mechanism solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0, and so may help prevent future attacks.
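The following Python simulation is an added example, not code from the original page or from any browser or TLS library. It models the SCSV mechanism as specified in RFC 7507 (where the value is named TLS_FALLBACK_SCSV, 0x5600): a browser that retries at a lower version includes the signaling suite, and a server that receives it while supporting something newer than the offered version aborts with an inappropriate_fallback alert. The version list, the two ordinary cipher suites and the "dropped_above" model of an unanswered handshake are assumptions made for this example; the wire encoding of the messages is not modelled.

```python
# Protocol versions as (major, minor) wire values; the tuples compare in version order.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
TLS_FALLBACK_SCSV = 0x5600          # the signaling cipher suite value from RFC 7507


def server_response(client_version, cipher_suites, server_max_version, server_supports_scsv=True):
    """Server side of the check (RFC 7507, section 3): if the client signals a fallback and
    the server could have spoken something newer, refuse with a fatal alert; otherwise
    negotiate the highest version both sides support."""
    if (server_supports_scsv and TLS_FALLBACK_SCSV in cipher_suites
            and server_max_version > client_version):
        return ("alert", "inappropriate_fallback")
    return ("server_hello", min(client_version, server_max_version))


def browser_connect(server_max_version, dropped_above, use_scsv, server_supports_scsv=True):
    """Simulated insecure-fallback loop: try the newest version first and, whenever the
    handshake never completes, retry with the next lower one. 'dropped_above' models any
    reason an attempt goes unanswered: a version-intolerant server or active interference."""
    for attempt, version in enumerate([TLS12, TLS11, TLS10, SSL3]):
        suites = [0x002F, 0x0035]                 # two ordinary CBC suites (constructed offer)
        if use_scsv and attempt > 0:              # RFC 7507: signal only on a retry at a lower version
            suites.append(TLS_FALLBACK_SCSV)
        if version > dropped_above:
            continue                              # handshake timed out; fall back
        kind, value = server_response(version, suites, server_max_version, server_supports_scsv)
        if kind == "alert":
            return ("refused", value)
        return ("connected", value)
    return ("failed", None)


if __name__ == "__main__":
    cases = {
        "TLS 1.2 server, handshakes above SSLv3 unanswered, no SCSV":
            browser_connect(TLS12, dropped_above=SSL3, use_scsv=False),
        "same, browser sends SCSV":
            browser_connect(TLS12, dropped_above=SSL3, use_scsv=True),
        "same, but server ignores SCSV":
            browser_connect(TLS12, dropped_above=SSL3, use_scsv=True, server_supports_scsv=False),
        "legacy TLS 1.0 server intolerant of newer hellos, SCSV":
            browser_connect(TLS10, dropped_above=TLS10, use_scsv=True),
        "healthy TLS 1.2 server, SCSV":
            browser_connect(TLS12, dropped_above=TLS12, use_scsv=True),
    }
    for name, result in cases.items():
        print(f"{name}: {result}")
```

The first case is the POODLE downgrade: every attempt above SSL 3.0 goes unanswered and the browser ends up on SSL 3.0 against a server that speaks TLS 1.2. With the SCSV, the same server refuses that connection, while a genuinely old server that only speaks TLS 1.0 still accepts the fallback because its maximum version equals the one offered. The third case is the practical caveat: the signal only helps when the server checks for it, so both sides need to be updated.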