Researchers Discover that POODLE Flaw Is Affecting More Web Servers
A TLS padding issue could lead to attack. Also: Microsoft enables POODLE protection in IE 11.
Researchers are warning that the SSL flaw discovered in October may affect some Transport Layer Security (TLS) protocol implementations.
When first revealed in October, the 15-year-old SSL flaw named POODLE (short for Padding Oracle On Downgraded Legacy Encryption) was believed to affect only SSL version 3.0. The flaw could give an attacker access to decrypted information from a secure connection to servers that fall back to the older SSL 3.0 after an initial secure connection attempt fails. It was originally thought to concern only those Web servers that supported backwards compatibility with SSL 3.0.
Google security researcher Adam Langley published a blog post this week detailing how he noticed some sites were vulnerable to the same flaw because their TLS implementations did not properly check the padding used in TLS packets.
"We're removing SSLv3 in favour of TLS because TLS fully specifies the contents of the padding bytes and thus stops the attack," wrote Langley. "However, TLS's padding is a subset of SSLv3's padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn't check the padding bytes but that wouldn't cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections."
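The difference Langley describes, shown as an added example (not code from his post or from any vendor): the SSLv3 and TLS padding rules applied to an already-decrypted CBC record body. The 16-byte block size, the function names and the sample record are assumptions constructed for illustration.

```python
import hmac

BLOCK = 16  # cipher block size in bytes (assumed: AES-CBC)


def sslv3_padding_ok(plaintext: bytes) -> bool:
    """SSLv3 rule: only the final length byte is meaningful."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    # SSLv3 leaves the padding contents unspecified, so they are not checked.
    return pad_len < BLOCK and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes) -> bool:
    """TLS rule: every padding byte must equal the length byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    # compare_digest avoids exiting early on the first mismatching byte.
    return hmac.compare_digest(padding, bytes([pad_len]) * (pad_len + 1))


def audit(decoder) -> dict:
    """Run one padding check over two constructed record bodies."""
    body = b"GET / HTTP/1.1\r\n" + b"M" * 20   # data plus a stand-in MAC
    pad_len = -(len(body) + 1) % BLOCK          # bytes needed to fill the block
    well_formed = body + bytes([pad_len]) * (pad_len + 1)
    # Same length byte, but the padding bytes before it are arbitrary.
    bad_bytes = body + bytes(range(pad_len)) + bytes([pad_len])
    return {
        "well_formed": decoder(well_formed),
        "bad_padding_bytes": decoder(bad_bytes),
    }


if __name__ == "__main__":
    print("TLS check:  ", audit(tls_padding_ok))
    print("SSLv3 check:", audit(sslv3_padding_ok))
```

A TLS stack that reuses the SSLv3-style check accepts the second record, which is the behaviour a patched server has to reject.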
Langley said that he found the flaw in many products offered through Web security firms F5 and A10. After alerting F5 to the possible issue, the company released a patch on Monday that looks to stop incorrect TLS padding from being accepted. Langley said that he has yet to get a response from A10 on the issue.
Qualys, Inc. has also released a testing tool to check whether Web servers are safe from the flaw. If a specific server is vulnerable, an F grade is given and a message reading "This server is vulnerable to the POODLE attack against TLS servers" will be displayed.
Microsoft Hardens IE Against POODLE
Microsoft released an update for Internet Explorer 11 with its Patch Tuesday release that will give users the option to block the SSL 3.0 fallback error that could lead to an attack. The feature, which is only available in Microsoft's latest browser version, is planned to be activated by default in February, according to the company.
"To continue to help protect customers, we are taking the interim step to provide the option to disable SSL 3.0 fallback in Internet Explorer 11 for Protected Mode sites, which is the default for Internet sites and Restricted sites," wrote Alec Oot, a product manager for Internet Explorer.
Once disabled, any sites that use the vulnerable SSL 3.0 or TLS protocols will not properly display until they have been updated with the most recent security patches that guard against POODLE. Microsoft has not said whether it's planning on extending the feature to older versions of its browser.
Many other browsers are also looking to protect users against POODLE. Mozilla has disabled SSL 3.0 support in its latest version of Firefox and Google has announced that the next version of Chrome, which is expected to arrive sometime in January, will also block the protocol.