POODLE for TLS

Bruce Morton (Director, Certificate Technology & Standards; Entrust Datacard)

The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730.

POODLE is not a flaw in the certificate authority (CA), SSL certificates or the certificate management system. POODLE is a TLS implementation bug.

Adam Langley states that “TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections.”
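The difference between the two decoding behaviours described above can be shown side by side. This is an added example, not code from the original post or from any TLS library; the function names, the 20-byte MAC length and the sample record are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Input: decrypted CBC record = body (data + MAC) || padding || padding_length.
 * Return: body length, or -1 if the record is rejected. */

/* SSLv3-style decode: trusts the final length byte, never reads the padding. */
long unpad_ssl3_style(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len < mac_len + 1) return -1;
    size_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len) return -1;
    return (long)(len - pad - 1);
}

/* TLS decode: each of the `pad` padding bytes must equal `pad`. */
long unpad_tls(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len < mac_len + 1) return -1;
    size_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len) return -1;
    uint8_t diff = 0;
    for (size_t i = len - 1 - pad; i < len - 1; i++)
        diff |= (uint8_t)(rec[i] ^ pad);   /* accumulate, no early exit */
    return diff ? -1 : (long)(len - pad - 1);
}

/* Constructed sample record: 32-byte body, then one full 16-byte padding block. */
enum { MAC_LEN = 20, BODY_LEN = 32, PAD = 15, REC_LEN = BODY_LEN + PAD + 1 };

void build_record(uint8_t rec[REC_LEN], int corrupt_padding)
{
    memset(rec, 0xAA, BODY_LEN);
    memset(rec + BODY_LEN, PAD, PAD + 1);
    if (corrupt_padding)
        rec[BODY_LEN + 3] ^= 0x5C;   /* any padding byte except the last */
}

int main(void)
{
    uint8_t rec[REC_LEN];
    for (int bad = 0; bad <= 1; bad++) {
        build_record(rec, bad);
        printf("corrupt=%d ssl3_style=%ld tls=%ld\n", bad,
               unpad_ssl3_style(rec, REC_LEN, MAC_LEN),
               unpad_tls(rec, REC_LEN, MAC_LEN));
    }
    return 0;
}
```

Both functions accept well-formed TLS padding, which is why the lenient decoder goes unnoticed in normal operation; only the TLS check rejects the record whose padding bytes were altered.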

Ivan Ristić advises “The main target are browsers, because the attacker must inject malicious JavaScript to initiate the attack. A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical.”

Tests have shown that the F5 and A10 devices are vulnerable to POODLE for TLS. Qualys SSL Labs has extended its SSL Server Test to cover POODLE for TLS, so you can test your site. If the site is vulnerable, it will receive an F grade.

Unlike POODLE for SSL 3.0, the industry is not in a position to turn off all of TLS to mitigate POODLE for TLS. As such, vendors must patch to mitigate the vulnerability.