December 10, 2014 By Jaikumar Vijayan 3 min read

A previously discovered attack method that takes advantage of a design flaw in the Secure Socket Layer (SSL) encryption protocol works against certain implementations of the Transport Layer Security (TLS) protocol, as well.

Numerous websites are vulnerable to this Padding Oracle on Downgraded Legacy Encryption (POODLE) exploit. POODLE attacks allow cybercriminals to decrypt the contents of an encrypted session between a browser and a Web server under certain conditions.

No Workarounds

No workarounds are available for the TLS flaw that enables the attack, and the only way to address this issue is to install a patch for it. Network load-balancing products from F5 Networks, A10 Networks and potentially other vendors are vulnerable to the issue, Google security engineer Adam Langley said in a blog post Monday.

“Unfortunately, I found a number of major sites that had this problem,” Langley wrote. “I’m not sure that I’ve found every affected vendor, but now that this issue is public, any other affected products should quickly come to light.”

Both F5 and A10 have issued patches to address the problem highlighted by Langley.

Inherent Weakness

The original POODLE attack, developed by a trio of security researchers at Google earlier this year, basically takes advantage of an inherent weakness in the method the SSLv3 protocol uses to encrypt data blocks. The Google researchers showed how attackers could exploit the weakness to steal authentication cookies from an Internet user’s browser and use the credentials to access associated email, bank and other online accounts belonging to the user.

Though the TLS protocol replaced the SSLv3 standard long ago, many websites still support the older protocol for backward compatibility purposes. The POODLE attack showed how attackers could trick a Web server and a client browser into using the older, vulnerable SSLv3 standard, even if both sides supported more recent versions of the TLS protocol.

Security researchers have previously noted that the only way to mitigate the SSLv3 issue is to disable the backwards compatibility capability that allows products to roll back to the old protocol. Google’s Chrome browser and Mozilla’s Firefox have completely eliminated rollback to SSLv3 following the release of the POODLE report.

However, Langley said his research shows POODLE attacks are still possible against certain TLS implementations such as those found in F5 and A10’s products. The issue has to do with the manner in which the padding structure in TLS is checked in certain products.

“Even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption,” Ivan Ristic, director of application security research at Qualys, Inc., explained in a blog post. “Such implementations are vulnerable to the POODLE attack, even with TLS.”

Major Websites Likely Affected by Attack

The new SSL/TLS issue likely affects some of the most popular websites in the world, considering the large installed base of F5 systems, Ristic said.

“The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute — no need to downgrade modern clients down to SSL 3 first; TLS 1.2 will do just fine,” he said.

Popular Web browsers are most likely going to be the main targets because the attacker must inject malicious JavaScript to initiate POODLE, he said.

In its patch release advisory, A10 said it was notified of the problem with its TLS implementation in early November. The company described the issue as one similar to the one in SSLv3, “where the padding is not defined as part of the protocol.”

Meanwhile, F5 listed all product versions that are vulnerable to POODLE attacks and urged customers to upgrade to product versions that are not vulnerable to the threat.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today