There is a critical security vulnerability in SSL 3.0 which allows attackers to calculate the plaintext of encrypted connections.
This vulnerability could spell the end of this version of SSL, researchers said, because the flaw (CVE-2014-3566), discovered by Google security researchers and dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), lies in the design of the protocol itself.
Researchers gave details on why the flaw exists and how an attacker can exploit it.
Given that support for SSL 3.0 remains widespread, an attacker who controls the network between the client and the server can exploit the protocol downgrade dance implemented by many clients in order to force the use of SSL 3.0. The POODLE vulnerability, caused by a weakness in how SSL 3.0 uses CBC-mode encryption, allows a man-in-the-middle attacker to intercept HTTPS traffic between the client and server and decrypt portions of it.
Microsoft said the vulnerability is partly mitigated by the fact that the attacker must make several hundred HTTPS requests before the attack can succeed, but the best option for everyone is to switch to TLS 1.0, TLS 1.1, or TLS 1.2 instead of SSL 3.0, researchers said.
“Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today,” said Bodo Möller, one of the researchers who discovered the vulnerability.
“Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.”
Google already supports the TLS_FALLBACK_SCSV fallback in Google Chrome and on its servers, and said it definitely does not create compatibility problems.
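Server-side handling of TLS_FALLBACK_SCSV as described in the quote above, written here as an added Python example (not code from Google's implementation or from any TLS library): it pulls the cipher-suite list out of a constructed ClientHello and returns the inappropriate_fallback alert when a client that signals a fallback offers a version lower than the server's best. The handshake layout, the SCSV value 0x5600 and alert number 86 follow RFC 7507; the sample hello bytes are constructed for the demonstration.

```python
# Added example: RFC 7507 TLS_FALLBACK_SCSV checking on the server side.
# Illustrative code, not from Google's servers or any TLS library.
import struct

TLS_FALLBACK_SCSV = 0x5600      # signalling cipher-suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86     # alert description defined by RFC 7507

# Protocol versions as carried in the ClientHello: (major, minor).
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello handshake
    body (the bytes after the 4-byte handshake header). Assumes a
    well-formed hello; the session_id and suite-list lengths are honoured."""
    client_version = (body[0], body[1])
    pos = 2 + 32                          # skip the 32-byte client random
    sid_len = body[pos]
    pos += 1 + sid_len                    # skip session_id
    (suites_len,) = struct.unpack(">H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack(">H", body[pos + i:pos + i + 2])[0]
              for i in range(0, suites_len, 2)]
    return client_version, suites


def negotiate(client_version, suites, server_max=(3, 3)):
    """Server decision: ('alert', 86) when the client signals a fallback to a
    version below this server's best, otherwise ('ok', negotiated_version).
    A genuine SSL 3.0-only client sends no SCSV and is still served."""
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    return ("ok", min(client_version, server_max))


def build_client_hello(version, suites):
    """Constructed sample ClientHello body (all-zero random, empty
    session_id, null compression only) used to feed the parser above."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"
    return body


if __name__ == "__main__":
    # Retry after an induced failure: the browser re-offers SSL 3.0 with the SCSV set.
    hello = build_client_hello((3, 0), [0x002F, TLS_FALLBACK_SCSV])
    print(negotiate(*parse_client_hello(hello)))   # ('alert', 86)
    # Legacy client that really only speaks SSL 3.0: no SCSV, connection proceeds.
    hello = build_client_hello((3, 0), [0x002F])
    print(negotiate(*parse_client_hello(hello)))   # ('ok', (3, 0))
```

Because the alert is only sent when the SCSV is present and the offered version is below the server's best, a TLS 1.2 client that includes the SCSV on its first attempt is unaffected.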
“This vulnerability allows an attacker to decrypt data transmitted between a user and a website if a vulnerable version of the protocol is in use,” said Kaspersky Lab Security researcher, Sergey Lozhkin. “The protocol is very popular and exploitation of this vulnerability could expose private data, but only if an attacker successfully performed a complicated Man-in-the-Middle (MitM) attack. Generally this is far from simple, except when connections between the user and the Web are unprotected. Internet connections via public Wi-Fi without password protection are one of the main situations where attackers can readily launch MitM attacks on ordinary users.”
To avoid possible incidents Kaspersky Lab recommends:
• Do not use public Wi-Fi hotspots if you’re sending valuable information (using online banking, accessing social networks via a browser). This is always a risk, but the Poodle vulnerability makes it even more dangerous.
• Disable SSL v3 and all previous versions of the protocol in your browser settings. SSL v3 is 15 years old and has been superseded by the more up-to-date and widely supported TLS protocol, which most modern web browsers support. The TLS protocol is not affected by the Poodle vulnerability. However, keep in mind that disabling SSL v3 could cause compatibility problems, so be careful before implementing this measure.