There’s a new SSL/TLS problem being announced today and it’s likely to affect some of the most popular web sites in the world, owing largely to the popularity of F5 load balancers and the fact that these devices are impacted. There are other devices known to be affected, and it’s possible that the same flaw is present in some SSL/TLS stacks. We will learn more in the following days.
If you want to stop reading here, take these steps: 1) check your web site using the SSL Labs test; 2) if vulnerable, apply the patch provided by your vendor. As problems go, this one should be easy to fix.
Today’s announcement is actually about the POODLE attack (disclosed two months ago, in October) repurposed to attack TLS. If you recall, SSL 3 doesn’t require its padding to be in any particular format (except for the last byte, the length), opening itself to attacks by active network attackers. However, even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS.
According to our most recent SSL Pulse scan (which hasn’t been published yet), about 10% of the servers are vulnerable to the POODLE attack against TLS.
Update (13 Aug 2015): A new POODLE TLS variant was disclosed in July 2015. SSL Labs will detect it starting with version 1.19.33, which was deployed in production in 1 August 2015. For more information refer to this blog post.
For more information, head to one of these resources:
- Adam Langley – The POODLE Bites Again
- A10 – SECURITY ADVISORY #CVE-2014-8730 (PDF)
- Checkpoint – Check Point response to TLS 1.x padding vulnerability
- Cisco – SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
- Cisco (August 2015) – Cisco Bug: CSCuv33150 – Cisco ACE30/4710 TLS Poodle variant vulnerability
- Citrix (CVE-2015-3642) – TLS and DTLS Padding Validation Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway
- F5 – SOL15882: TLS1.x padding vulnerability CVE-2014-8730
- IBM – Security Bulletin: TLS padding vulnerability affects IBM Cognos Business Intelligence (CVE-2014-8730)
- IBM – Security Bulletin: TLS padding vulnerability affects IBM Cognos Metrics Manager (CVE-2014-8730)
- IBM – Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)
- IBM – Security Bulletin: TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)
- IBM – Security Bulletin: TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)
- Juniper – Connect Secure (SSL VPN): How to mitigate any potential risks from the ‘Poodle’ (TLS Variant) vulnerability (CVE-2014-9366)
- Microsoft – We’ve seen reports that some older platforms (e.g., Windows 2008) appear vulnerable, but no apparent patterns or reliable information so far.
I’ll keep this post up-to-date as new information becomes available. Thanks to j-mailor for sending me links to new advisories as they appear.