Fix for ‘POODLE’ Attack Against SSL 3.0 Vulnerability
‘POODLE’ attack could exploit a newly discovered vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability allows for a Man-in-the-middle (MiTM) attack to recover plaintext from encrypted SSL 3.0 connections and possibly exploit the negotiation method used by the client and server when determining which version of the encryption protocol will be used. In some cases the negotiation manipulation causes SSL handshake errors preventing the establishment of a secure connection. Both attack vectors require a MiTM setup to manipulate network traffic. These attacks are particularly effective against session cookies making web browsers attractive targets.
- Disable SSL 3.0
- Use TLS 1.1 or later
- If using OpenSSL, apply available patches
- Both Linux/Unix and Microsoft OS are affected
- Web Browsers are typically affected by encryption protocol version negotiation. (Firefox supports SSL 3.0 by default)
- All versions of SSL 3.0 are vulnerable to (CVE-2014-3566)
The Masergy Threat Intelligence Team currently has the following alerts to detect the exploitation of these vulnerabilities.
Detected a client browser connecting over SSLv3. SSL 3.0 was succeeded by TLSv1.0 in 1999 and has been confirmed to be vulnerable to the POODLE attack which allows a man-in-the-middle attacker to decrypt traffic.
Possible POODLE attack against server – excessive number of SSL 3.0 fatal alerts. POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack against a vulnerability (CVE-2014-3566) in SSL 3.0 that allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
Possible POODLE attack against client – excessive number of SSL 3.0 fatal alerts. POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack against a vulnerability (CVE-2014-3566) in SSL 3.0 that allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
The Masergy Threat Intelligence Team will continue to release alerts for these vulnerabilities to all Masergy Unified Enterprise Security (UES) customers as they become available for IDS/IPS Detection + Prevention Modules (DPM). We will also update the Vulnerability Scanning Modules (VSM) with the capability to scan for this vulnerability as updates become available. Learn more about managed security.