Poodle, first discovered two months ago by Google researchers, is a flaw in the ageing SSL 3.0 protocol used to encrypt traffic between websites and users. This allowed attackers to decode ‘secure' communications like online banking transactions or webmail.
But just when web admins thought it was safe, a new variant has been found that hits the more modern TLS (Transport Layer Security) protocol used by “some of the most popular websites in the world”, according to an 8 December blog by Ivan Ristic at Qualys.
Ristic says that, according to the latest Qualys SSL Pulse scan, around 10 percent of servers are vulnerable to the Poodle attack against TLS - mainly because of the popularity of F5 load balancers which are impacted.
He adds: “There are other devices known to be affected, and it's possible that the same flaw is present in some SSL/TLS stacks. We will learn more in the following days.”
Google's Adam Langley confirmed in an 8 December blog post that some A10 devices have this problem, as well as the F5 load balancers.
“F5 has posted patches for its products and A10 should be releasing updates today,” Langley said, adding: “I'm not completely sure that I've found every affected vendor but, now that this issue is public, any other affected products should quickly come to light.”
Ristic at Qualys said the latest attack is “slightly easier” to execute than the original Poodle.
Ristic detailed how the weakness works: “SSL 3 doesn't require its padding to be in any particular format (except for the last byte, the length), opening itself to attacks by active network attackers.
“However, even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS.”
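The difference between the two padding rules Ristic describes can be shown in a few lines of Python. This is an added illustration, not code from Qualys, Google or any affected vendor; the function names and sample records are constructed for the example, and a production stack must additionally perform the padding and MAC checks in constant time.

```python
# Added illustration: padding checks applied to a CBC record after decryption.
# All names and sample bytes below are constructed for this example.

def ssl3_style_padding_ok(plaintext: bytes, block_size: int = 16) -> bool:
    """SSL 3.0 rule: only the final length byte is constrained."""
    if not plaintext or len(plaintext) % block_size:
        return False
    pad_len = plaintext[-1]
    return pad_len < block_size and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes, block_size: int = 16) -> bool:
    """TLS rule: every padding byte must equal the padding length."""
    if not plaintext or len(plaintext) % block_size:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    # Compare every padding byte rather than stopping at the first mismatch.
    diff = 0
    for b in plaintext[-(pad_len + 1):]:
        diff |= b ^ pad_len
    return diff == 0


def classify(plaintext: bytes) -> str:
    """Show where a stack that skips the TLS structure check goes wrong."""
    if tls_padding_ok(plaintext):
        return "ok"
    if ssl3_style_padding_ok(plaintext):
        return "malformed, but accepted if only the length byte is checked"
    return "rejected by both checks"


# Constructed 32-byte records: 25 bytes of payload/MAC, 6 padding bytes,
# then the length byte (6).
WELL_FORMED = b"x" * 25 + bytes([6]) * 7
MALFORMED = b"x" * 25 + bytes([0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 6])

if __name__ == "__main__":
    for name, rec in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, "->", classify(rec))
```

A TLS implementation that applies only the first check to TLS records is in the position Ristic describes: it treats the malformed record as validly padded.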
Google's Langley agreed that sites should use TLS version 1.2 or later, saying: “Everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken.”
Qualys' SSLLabs site offers a free test for anyone worried their site might be affected by the latest flaw, CVE-2014-8730, at https://www.ssllabs.com/ssltest/.
Analysing the threat, Johannes Ullrich of the SANS Institute downplayed its seriousness, saying: “We still haven't seen widespread exploitation of the Poodle vulnerability. So focus on what Microsoft has to offer first today, then take a look if you still have some outstanding ‘Poodles' in your network.”
However, Ullrich pointed out that Kaspersky's Internet Security product still supports SSLv3 “and may cause connections to be downgraded to SSLv3, even if the user's browser no longer supports SSLv3”.
Gavin Millard, EMEA technical director at Tenable, warned the flaw could lead to man-in-the-middle attacks.
He told SCMagazineUK.com via email: “After the configuration changes required by administrators of sites affected previously by Poodle, and the browser changes finally being released by Google and Firefox, many will have to again patch SSL/TLS - otherwise communications between businesses and customers is insecure or open to manipulation or man-in-the-middle attacks.”
But Millard added: “Looking at the positives, CVE-2014-8730 appears to affect fewer websites than the original Poodle vulnerability, with the initial reports pegging it in the realms of 10 percent - plus the overworked IT operations teams are surely proficient now in updating broken implementations of SSL after the disclosures we've seen throughout the year.”
Meanwhile, Graeme Batsman, security director of EncSec, said there was a danger the Poodle bug might get lost in the barrage of recent scare stories about data breaches and vulnerabilities.
He told SCMagazineUK.com: “Potentially we are or will see the ‘cry wolf' effect. Recently there have been so many stories about Target, Sony and flaws relating to WordPress or TLS/SSL that people may switch off, or the flaws may not get such coverage like Heartbleed did.
“According to Qualys 10 percent of the web's servers are affected which is lower than other bug announcements. As with all bugs check the vendor for patch releases - F5 and A10 have already or soon will release a patch.”
According to online publication Ars Technica, sites initially vulnerable to the problem included those operated by Bank of America, VMware and the US Department of Veterans' Affairs.