The researchers are calling the attack POODLE, or Padding Oracle On Downgraded Legacy Encryption.
“SSL 3.0 is nearly 18 years old, but support for it remains widespread,” Moller wrote in a blog post describing the issue. “Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0.”
“Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue,” Moller added.
While disabling SSL 3.0 support will mitigate the issue, Moller noted, doing so can present significant compatibility problems. “Therefore our recommended response is to support TLS_FALLBACK_SCSV,” he wrote. “This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0.”
For individuals, however, it can be more challenging to find a solution. “There are options in Firefox and Chrome that enable you to turn SSL 3.0 off, but you need to set them up manually and most consumers probably won’t,” Rapid7‘s Jen Ellis wrote in a recent blog post. “Older network devices may only support SSL, and disabling SSL 3.0 could prevent them from being able to configure their modem, router, or printer.”
“This makes it even more imperative for businesses to protect their customers, and consumers should be looking to their vendors to provide updates on whether they have taken the necessary steps to protect themselves,” Ellis added.
Following the disclosure, Twitter announced, “We have disabled SSLv3 protocol support in response to the vulnerability published today.”
“We have had the Web for decades, with billions of users, and still, a decade after introducing a new security protocol, we still have to program each device with complex and faulty ‘controlled downgrade’ mechanisms, because we still have old SSLv3 devices in the field,” Sansa Security CTO Hagai Bar-El noted in an email to eSecurity Planet.
“It should be noted that SSLv3 connections represent only 0.65 percent of all secure connections, but no one wants their device/software to be the one rejecting connections,” Bar-El added. “Due to this small ‘fragmentation,’ we are all held back.”
That’s a particularly relevant concern, Bar-El said, for the fast-growing Internet of Things (IoT). “Since ‘controlled degradation’ is so hard to do right, and since IoT security is heading down the same path, we have to be prepared for a daily supply of Poodles in this space,” he said.
“To begin with, they were (are) both remotely exploitable. You can be sitting on the beach pwning machines on the other side of the world,” Hunt wrote. “POODLE needs the attacker to get in the middle of the traffic so there’s your classic ‘attacker in the coffee shop’ or the good old Wi-Fi Pineapple (or equivalent).”