Systems Affected by Poodle Attacks or SSLv3
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 as soon as cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the maybe foul language scenarios.
Overview for Poodle Vulnerabilites or Poodle Attacks
US-CERT is au fait of a design vulnerability found in the mannerism SSL 3.0 handles block cipher mode padding. The POODLE enmity demonstrates how an assailant can hurl abuse this vulnerability to decrypt and extract guidance from inside an encrypted transaction.
The SSL 3.0 vulnerability stems from the mannerism blocks of data are encrypted below a specific type of encryption algorithm within the SSL protocol. The POODLE violent behavior takes advantage of the protocol version arbitration feature built into SSL/TLS to force the use of SSL 3.0 and furthermore leverages this additional vulnerability to decrypt pick content within the SSL session. The decryption is ended byte by byte and will generate a large number of associates along along along with the client and server.
While SSL 3.0 is an outdated encryption all right and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this habit), most SSL/TLS implementations remain backwards compatible subsequent to SSL 3.0 to interoperate later legacy systems in the pursuit of a mild fan experience. Even if a client and server both retain a tab of TLS the SSL/TLS protocol suite allows for protocol description arbitration (creature referred to as the downgrade dance in added reporting). The POODLE assault leverages the fact that also a safe relationship drive fails, servers will slip back occurring to older protocols such as SSL 3.0. An attacker who can put into organization a relationship failure can along with force the use of SSL 3.0 and attempt the late late gathering violent behavior. [1 ]
Two auxiliary conditions must be met to successfully slay the POODLE aggravate: 1) the attacker must be clever to control portions of the client side of the SSL association (changing down the input) and 2) the invader must have visibility of the resulting ciphertext. The most common habit to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a combined remove form of seizure to make known that level of entry.
These conditions make vigorous injury somewhat hard. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.
The POODLE onslaught can be used adjoining any system or application that supports SSL 3.0 along along along in the midst of CBC mode ciphers. This affects most current browsers and websites, but as well as includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an provoker can profit entry to sorrowful data passed within the encrypted web session, such as passwords, cookies and adjunct authentication tokens that can with be used to profit more precise admission to a website (impersonating that user, accessing database content, etc.)
Step By Step Solution for Poodle Attacks
Step 1: Login to WHM, open up the Apache Configuration screen, and click on Include Editor.
Step 2: Edit the Includes
Under Pre Main Include, select All Versions. This way your server will be protected if you change your version of Apache. When selected, enter the following into the text box for CentOS/RHEL 6.x:
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
When selected, enter the following into the text box for CentOS/RHEL 5.x:
SSLProtocol -All +TLSv1
…and then click Update. Once you click update, you’ll be prompted to restart Apache; do so at this time.
Step 3: Verify!
To verify you’re covered, run the following command in a terminal as root:
openssl s_client -connect www.yourssldomain.com:443 -ssl3
You’ll know you’ve successfully disabled SSLv3 and protected yourself from the attack POODLE if you see a response similar to this: