What is POODLE vulnerability? CVE-2014-3566

A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE can be used to target browser-based communication that relies on the Secure Sockets Layer (SSL) 3.0 protocol for encryption and authentication.

POODLE stands for “Padding Oracle On Downgraded Legacy Encryption.” The security issue is exactly what the name suggests: a protocol downgrade that allows exploits on an outdated form of encryption.

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.

POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

To exploit the vulnerability, you must be running JavaScript, and the attacker has to be on the same network as you, for example, on the same Starbucks Wi-Fi network you’re using.

The attack works only on traffic sessions using SSLv3. This is an old protocol that has been replaced in many client and server configurations with TLS (Transport Layer Security).

To explain this in simpler terms, if an attacker using a Man-In-The-Middle attack can take control of a router at a public hotspot, they can force your browser to downgrade to SSL 3.0 (an older protocol) instead of using the much more modern TLS (Transport Layer Security), and then exploit a security hole in SSL to hijack your browser sessions. Since this problem is in the protocol, anything that uses SSL is affected.

As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.

But many browser clients and web servers that use TLS for connections still support SSLv3. Some products, like Windows XP, only use SSLv3.

There are also clients that support SSLv3 as an alternative to use whenever a TLS connection to a web server fails. An attacker could exploit this compatibility to downgrade a connection to SSLv3 and then conduct the POODLE attack to hijack your session.

“This attack is really against clients—you have to worry about it if you’re in a place like Starbucks,” says Rob Graham, CEO of Erratasec. “If you’re at home then there is very low risk. So as a home user, you don’t need to panic.”

Heartbleed and Shellshock were vulnerabilities that allowed an attacker to hack a server. POODLE instead targets the clients.

The POODLE attack is tracked as CVE-2014-3566 and has a CVSS score of 4.3.

How Do I Check For POODLE?

If you’re concerned that a website you frequently visit is vulnerable to POODLE, you can check it using the POODLE test by COMODO.

If the website is vulnerable, the result clearly says so; otherwise it shows that the site is safe.
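
The same check can be made directly against a server by offering it an SSL 3.0-only handshake and seeing whether it agrees. The sketch below is an added example, not code from the original article or from COMODO's tool; the function names and the choice of offered cipher suites are assumptions made for illustration.

```python
import os
import socket
import struct

# CBC suites (the padding oracle is in SSL 3.0's CBC mode): 3DES, AES-128, AES-256 with RSA/SHA
CBC_SUITES = (0x000A, 0x002F, 0x0035)
SSL3 = b"\x03\x00"


def build_sslv3_client_hello(suites=CBC_SUITES):
    """Return one SSL 3.0 record holding a ClientHello that offers only SSL 3.0."""
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    body = (
        SSL3                                    # client_version = 3.0
        + os.urandom(32)                        # client random
        + b"\x00"                               # empty session id
        + struct.pack(">H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                           # one compression method: null
    )
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake


def classify_response(data):
    """Map the server's first bytes to 'sslv3-accepted', 'rejected' or 'unknown'."""
    if len(data) < 5 or data[0] == 0x15:
        return "rejected"        # closed without a record, or sent an alert record
    # Handshake record (0x16) starting with ServerHello (type 2): 5-byte record
    # header, 4-byte handshake header, then the 2-byte server_version.
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        return "sslv3-accepted" if data[9:11] == SSL3 else "unknown"
    return "unknown"


def check_host(host, port=443, timeout=5.0):
    """Send the SSL 3.0 probe to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                 # reset or timeout: treat as no answer
    return classify_response(data)
```

A result of `sslv3-accepted` means the server still negotiates SSL 3.0 and can be the target of a downgrade; `rejected` is the outcome to expect once SSL 3.0 support has been removed.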
