A previously discovered attack method that takes advantage of a design flaw in the Secure Socket Layer (SSL) encryption protocol works against certain implementations of the Transport Layer Security (TLS) protocol, as well.
Numerous websites are vulnerable to this Padding Oracle on Downgraded Legacy Encryption (POODLE) exploit. POODLE attacks allow cybercriminals to decrypt the contents of an encrypted session between a browser and a Web server under certain conditions.
No workarounds are available for the TLS flaw that enables the attack, and the only way to address this issue is to install a patch for it. Network load-balancing products from F5 Networks, A10 Networks and potentially other vendors are vulnerable to the issue, Google security engineer Adam Langley said in a blog post Monday.
“Unfortunately, I found a number of major sites that had this problem,” Langley wrote. “I’m not sure that I’ve found every affected vendor, but now that this issue is public, any other affected products should quickly come to light.”
The original POODLE attack, developed by a trio of security researchers at Google earlier this year, basically takes advantage of an inherent weakness in the method the SSLv3 protocol uses to encrypt data blocks. The Google researchers showed how attackers could exploit the weakness to steal authentication cookies from an Internet user’s browser and use the credentials to access associated email, bank and other online accounts belonging to the user.
Though the TLS protocol replaced the SSLv3 standard long ago, many websites still support the older protocol for backward compatibility purposes. The POODLE attack showed how attackers could trick a Web server and a client browser into using the older, vulnerable SSLv3 standard, even if both sides supported more recent versions of the TLS protocol.
Security researchers have previously noted that the only way to mitigate the SSLv3 issue is to disable the backwards compatibility capability that allows products to roll back to the old protocol. Google’s Chrome browser and Mozilla’s Firefox have completely eliminated rollback to SSLv3 following the release of the POODLE report.
However, Langley said his research shows POODLE attacks are still possible against certain TLS implementations such as those found in F5 and A10’s products. The issue has to do with the manner in which the padding structure in TLS is checked in certain products.
“Even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption,” Ivan Ristic, director of application security research at Qualys, Inc., explained in a blog post. “Such implementations are vulnerable to the POODLE attack, even with TLS.”
Major Websites Likely Affected by Attack
The new SSL/TLS issue likely affects some of the most popular websites in the world, considering the large installed base of F5 systems, Ristic said.
“The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute — no need to downgrade modern clients down to SSL 3 first; TLS 1.2 will do just fine,” he said.
In its patch release advisory, A10 said it was notified of the problem with its TLS implementation in early November. The company described the issue as one similar to the one in SSLv3, “where the padding is not defined as part of the protocol.”
Meanwhile, F5 listed all product versions that are vulnerable to POODLE attacks and urged customers to upgrade to product versions that are not vulnerable to the threat.