POODLE

CVE identifier(s): CVE-2014-3566
Date discovered: October 14, 2014
Discoverer: Bodo Möller, Thai Duong, Krzysztof Kotowicz (Google Security Team)
Affected software: Any software that uses or supports a fallback to SSL 3.0

POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0.[1][2][3] An attacker who successfully exploits this vulnerability needs, on average, only 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed it publicly on October 14, 2014 (despite the paper being dated "September 2014"[1]).[4] On December 8, 2014, a variation of the POODLE vulnerability that affected TLS was announced.[5]

The CVE-ID associated with the original POODLE attack is CVE-2014-3566. F5 Networks also filed for CVE-2014-8730; see the "POODLE attack against TLS" section below.

Prevention

To mitigate the POODLE attack, one approach is to completely disable SSL 3.0 on the client side and the server side. However, some old clients and servers do not support TLS 1.0 and above. Thus, the authors of the paper on POODLE attacks also encourage browser and server implementation of TLS_FALLBACK_SCSV,[6] which will make downgrade attacks impossible.[1][7]

Another mitigation is to implement "anti-POODLE record splitting", which splits records into several parts and ensures that none of them can be attacked. Although the splitting is valid according to the specification, it may cause compatibility issues because of problems in server-side implementations.[8]

A full list of browser versions and levels of vulnerability to different attacks (including POODLE) can be found in the article Transport Layer Security.

Opera 25 implemented anti-POODLE record splitting in addition to TLS_FALLBACK_SCSV.[9]

Google's Chrome browser and their servers had already supported TLS_FALLBACK_SCSV. Google stated in October 2014 it was planning to remove SSL 3.0 support from their products completely within a few months.[7] Fallback to SSL 3.0 has been disabled in Chrome 39, released in November 2014.[10] SSL 3.0 has been disabled by default in Chrome 40, released in January 2015.[11]

Mozilla disabled SSL 3.0 in Firefox 34 and ESR 31.3, which were released in December 2014, and added support of TLS_FALLBACK_SCSV in Firefox 35.[12]

Microsoft published a security advisory to explain how to disable SSL 3.0 in Internet Explorer and Windows OS.[13] On October 29, 2014, Microsoft released a fix which disables SSL 3.0 in Internet Explorer on Windows Vista / Server 2003 and above, and announced a plan to disable SSL 3.0 by default in their products and services within a few months.[14] Microsoft disabled fallback to SSL 3.0 in Internet Explorer 11 for Protected Mode sites on February 10, 2015,[15] and for other sites on April 14, 2015.[16]

Apple's Safari (on OS X 10.8, iOS 8.1 and later) mitigated against POODLE by removing support for all CBC protocols in SSL 3.0;[17][18] however, this left RC4, which is also completely broken by the RC4 attacks in SSL 3.0.[citation needed] POODLE was completely mitigated in OS X 10.11 (El Capitan 2015) and iOS 9 (2015).

To prevent the POODLE attack, some web services dropped support of SSL 3.0. Examples include CloudFlare[19] and Wikimedia.[20]

Network Security Services version 3.17.1 (released on October 3, 2014) and 3.16.2.3 (released on October 27, 2014) introduced support for TLS_FALLBACK_SCSV,[21][22] and NSS will disable SSL 3.0 by default in April 2015.[23][needs update] OpenSSL versions 1.0.1j, 1.0.0o and 0.9.8zc, released on October 15, 2014, introduced support for TLS_FALLBACK_SCSV.[24] LibreSSL version 2.1.1, released on October 16, 2014, disabled SSL 3.0 by default.[25]

POODLE attack against TLS

A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC encryption mode in the TLS 1.0–1.2 protocols. Even though the TLS specifications require servers to check the padding, some implementations fail to validate it properly, which makes some servers vulnerable to POODLE even if they disable SSL 3.0.[5] SSL Pulse showed "about 10% of the servers are vulnerable to the POODLE attack against TLS" before this vulnerability was announced.[26] The CVE-ID for F5 Networks' implementation bug is CVE-2014-8730. The entry in NIST's NVD states that this CVE-ID is to be used only for F5 Networks' implementation of TLS. Other vendors whose products make the same mistake of failing to validate the padding, such as A10 Networks and Cisco Systems, need to issue their own CVE-IDs, because this is not a flaw in the protocol but in the implementation.

The POODLE attack against TLS was found to be easier to initiate than the initial POODLE attack against SSL. There is no need to downgrade clients to SSL 3.0, meaning fewer steps are needed to execute a successful attack.[27]
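The padding check this section refers to, as an added example that is not code from the original page or from any vendor's TLS stack. It contrasts the SSL 3.0 rule, the TLS rule and a TLS validator with the flaw described above; the function names and the sample plaintext are constructed for the illustration, and the MAC check that a real record layer performs alongside is omitted.

```python
import hmac


def ssl3_padding_ok(plaintext: bytes, block_size: int) -> bool:
    """SSL 3.0 rule: only the trailing length byte is defined; the padding
    bytes before it may hold any value, so a receiver cannot verify them."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    return pad_len < block_size and pad_len < len(plaintext)


def tls_padding_ok(plaintext: bytes) -> bool:
    """TLS 1.0-1.2 rule: every padding byte must equal the length byte."""
    if not plaintext or plaintext[-1] >= len(plaintext):
        return False
    pad_len = plaintext[-1]
    padding = plaintext[len(plaintext) - 1 - pad_len:-1]
    # compare_digest avoids an early exit on the first mismatching byte
    return hmac.compare_digest(padding, bytes([pad_len]) * pad_len)


def lax_tls_padding_ok(plaintext: bytes) -> bool:
    """The implementation flaw: a TLS stack that inspects only the length
    byte, which in effect applies the SSL 3.0 rule to TLS records."""
    return bool(plaintext) and plaintext[-1] < len(plaintext)


def tampered_paddings_accepted(validator, plaintext: bytes) -> int:
    """Flip one bit in each padding byte in turn (never the length byte) and
    count how many modified records the validator still accepts."""
    pad_len = plaintext[-1]
    start = len(plaintext) - 1 - pad_len
    accepted = 0
    for i in range(start, len(plaintext) - 1):
        modified = bytearray(plaintext)
        modified[i] ^= 0x01
        accepted += bool(validator(bytes(modified)))
    return accepted


# Constructed sample: 9 bytes standing in for data plus MAC, then 6 padding
# bytes and the length byte (6), filling two 8-byte cipher blocks.
SAMPLE = b"GET /x ok" + bytes([6]) * 6 + bytes([6])
```

A compliant validator accepts none of the modified records, so a non-zero count from `tampered_paddings_accepted` is the signal that a padding check needs fixing.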

References

  1. Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF).
  2. Bright, Peter (October 15, 2014). "SSL broken, again in POODLE attack". Ars Technica.
  3. Brandom, Russell (October 14, 2014). "Google researchers reveal new Poodle bug, putting the web on alert".
  4. "Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback". Google Online Security Blog. Retrieved June 1, 2015.
  5. Langley, Adam (December 8, 2014). "The POODLE bites again". Retrieved December 8, 2014.
  6. B. Moeller, A. Langley (April 2015). "RFC 7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks". IETF. doi:10.17487/RFC7507.
  7. Möller, Bodo (October 14, 2014). "This POODLE bites: exploiting the SSL 3.0 fallback". Google Online Security blog. Google (via Blogspot). Retrieved October 15, 2014.
  8. Langley, Adam (October 14, 2014). "POODLE attacks on SSLv3". imperialviolet.org. Retrieved October 16, 2014.
  9. Molland, Håvard (October 15, 2014). "Security changes in Opera 25; the poodle attacks". Opera security blog. Opera. Retrieved October 16, 2014.
  10. Ilascu, Ionut. "Chrome 39 Disables SSLv3 Fallback, Awards $41,500 / €33,000 in Bounties". Softpedia. Retrieved December 3, 2014.
  11. "Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it". Chromium Code Reviews. Retrieved April 16, 2015.
  12. "The POODLE Attack and the End of SSL 3.0". Mozilla blog. Mozilla. October 14, 2014. Retrieved October 15, 2014.
  13. "Vulnerability in SSL 3.0 Could Allow Information Disclosure". Microsoft TechNet. Microsoft. October 14, 2014. Retrieved October 15, 2014.
  14. "Security Advisory 3009008 revised". Microsoft TechNet. Microsoft. October 29, 2014. Retrieved October 30, 2014.
  15. Oot, Alec (December 9, 2014). "December 2014 Internet Explorer security updates & disabling SSL 3.0 fallback". Microsoft. Retrieved December 9, 2014.
  16. "February 2015 security updates for Internet Explorer". IEBlog. April 14, 2015. Retrieved April 15, 2015.
  17. "About Security Update 2014-005". apple.com. Retrieved June 1, 2015.
  18. "About the security content of iOS 8.1". apple.com. Retrieved June 1, 2015.
  19. Prince, Matthew (October 14, 2014). "SSLv3 Support Disabled By Default Due to POODLE Vulnerability". Cloudflare blog. Cloudflare. Retrieved October 15, 2014.
  20. Bergsma, Mark (October 17, 2014). "Protecting users against POODLE by removing SSL 3.0 support". Wikimedia blog. Wikimedia Foundation. Retrieved October 17, 2014.
  21. "NSS 3.17.1 release notes". Mozilla. October 3, 2014. Archived from the original on April 19, 2019. Retrieved October 27, 2014.
  22. "NSS 3.16.2.3 release notes". Mozilla. October 27, 2014. Archived from the original on April 19, 2019. Retrieved October 27, 2014.
  23. "Disable SSL 3 by default in NSS in April 2015". mozilla.dev.tech.crypto. October 27, 2014. Retrieved October 27, 2014.
  24. "OpenSSL Security Advisory [15 Oct 2014]". OpenSSL. October 15, 2014. Retrieved October 20, 2014.
  25. "LibreSSL 2.1.1 released". LibreSSL. October 16, 2014. Retrieved October 20, 2014.
  26. Ristic, Ivan (December 8, 2014). "Poodle Bites TLS". Retrieved December 8, 2014.
  27. Stosh, Brandon (December 8, 2014). "Nasty POODLE Variant Bypasses TLS Crypto Affecting Over 10 Percent of the Web". Retrieved December 8, 2014.

