The POODLE Attack

In mid-October a serious security bug in Secure Socket Layer (SSL) 3.0 was revealed. SSL is the technology that many commercial web sites use to safeguard the security and privacy of communications with clients and customers. Given the name “POODLE,” an acronym for Padding Oracle On Downgraded Legacy Encryption, all systems and applications that utilize the SSL 3.0 with cipher-block chaining (CBC) mode were vulnerable. Here, an attacker would inject malicious JavaScript into the victim’s browser allowing them to observe and tamper with encrypted network traffic on the wire.

On December 8^th, it was announced that there was a new POODLE flaw that extends to specific versions of an SSL-like encryption standard known as Transport Layer Security (TLS). As POODLE has been repurposed to attack TLS, it was discovered that although TLS is very strict about how its padding is formatted, some implementations omit to check the padding structure after decryption takes place. The main target of POODLE TLS is browsers, as the attacker must inject malicious JavaScript to initiate the attack. The impact of this issue is very similar to POODLE and even easier to execute as there is no need to downgrade modern clients down to SSL 3 first. If an attack is successful it will take about 256 requests to uncover one cookie character or only 4096 requests for a 16-character cookie.

The POODLE attack is considered to have less potential risk than the Shellshock and Heartbleed attacks but that does not mean it should be ignored. Users can disable SSL 3 in their browsers easily to protect themselves from potential attacks. Web site operators should take the action to disable SSL 3 on their servers as soon as possible even if the most recent TLS version is supported. An active MITM attacker can force browsers to downgrade their connections down to SSL 3 and then be exploited.