Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.
SSL 3.0 Information Disclosure Vulnerability – How to Disable it
I am using a version of Internet Explorer other than 11. How can I protect my system from this vulnerability?
SSL 3.0 has only been disabled in Internet Explorer 11 on all supported editions of Microsoft Windows. If you are using a different version of Internet Explorer, please see the Suggested Workarounds section for workarounds that you can apply to your system to protect it from this vulnerability.
What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft is aware of detailed information describing a new method to exploit a vulnerability affecting SSL 3.0. This vulnerability is an information disclosure vulnerability.
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
A vulnerability was found in the SSLv3.0 protocol. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. For more information about this vulnerability, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.
Category: General
Priority: Medium Priority
Synopsis: It may be possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
Description: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This script tries to establish an SSL/TLS remote connection using an affected SSL version and cipher suite, and then solicits return data. If the returned application data is not fragmented with an empty or one-byte record, the server is likely vulnerable. OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized. Microsoft implemented one-byte fragments as a countermeasure, and the setting can be controlled via the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord. Therefore, if multiple applications use the same SSL/TLS implementation, some may be vulnerable while others may not, depending on whether or not a countermeasure has been enabled. Note that this script detects the vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It does not detect the BEAST attack, which exploits the vulnerability on the HTTPS client side (i.e., the Internet browser). Detection on the server side does not necessarily mean your server is vulnerable to the BEAST attack, because the attack exploits the vulnerability on the client side, and SSL/TLS clients and servers can independently employ the split-record countermeasure.
Microsoft released a Fix It tool today to allow customers to disable SSL 3.0 in all supported versions of Internet Explorer in light of a recently revealed vulnerability affecting the protocol.
Original: Late on Patch Tuesday, three researchers from Google announced the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, CVE-2014-3566, in SSLv3. It is an attack against the protocol itself, meaning that all implementations of SSL 3.0 are vulnerable, unlike Heartbleed, which was a flaw in OpenSSL. Like Heartbleed, it is an information disclosure, as a successful attack would be able to steal a session cookie from you; but unlike Heartbleed it is much harder to exploit, in that it requires a MITM (Man in the Middle) position and code on the client to open numerous SSL attempts against a vulnerable server. A successful attack reveals information about the particular session from that endpoint, again unlike Heartbleed, where one could gain information about other users.
I see there is no fix for OpenLDAP currently. There's only an article which acknowledges this and then goes on to say you can mitigate this vulnerability by wrapping slapd around stunnel. Do you plan to release comprehensive documentation on how to do this? Is a patch planned for OpenLDAP? Is configuring every LDAP client to use stunnel really an efficient means to disable SSLv3?
The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or POODLE, could expose some deployments that support SSLv3 to a risk of an active Man in the Middle (MITM) attack. A successful attack could lead to the disclosure of the information that is being sent over the encrypted channel.
Vulnerability scans of the ACOS management interface indicate that the HTTPS service supports TLS sessions using the TLS 1.0 protocol, which is no longer considered capable of providing a sufficient level of security for TLS sessions or of complying with contemporary PCI (Payment Card Industry) security standards [3]. CVE-2011-3389 (aka the BEAST attack) is the commonly referenced CVE for this issue, as the commonplace mitigation for that vulnerability is to disable TLS 1.0 support. Accordingly, the following vulnerabilities are addressed in this document.
The POODLE attack exploits protocol fallback from TLS to SSL 3.0 to reveal information from encrypted HTTPS communication. Discovered in 2014, this network attack demonstrated that SSL 3.0 should never be used again, not even as a legacy fallback. This article provides a high-level overview of the POODLE vulnerability and the fate of SSL 3.0.
The POODLE vulnerability was disclosed on October 14th, 2014, and assigned the CVE-ID CVE-2014-3566. While the obvious solution was simply to disable the obsolete SSL v3.0 protocol in web browsers and servers, back in 2014, that would still break a lot of sites and legacy systems. Because the attack only works for block ciphers in CBC mode, one option (already used to mitigate the earlier BEAST attack) was to simply remove support for vulnerable ciphers and use others available in SSL v3.0. Unfortunately, this only left the RC4 stream cipher, which by then was also proven to be vulnerable.
POODLE is one of many vulnerabilities detected by Invicti. If SSL v3.0 support is detected on the web server, Invicti reports the vulnerability and suggests remedies to disable support for insecure SSL/TLS protocols in several popular web servers.
A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC encryption mode in the TLS 1.0 - 1.2 protocols. Even though the TLS specifications require servers to check the padding, some implementations fail to validate it properly, which makes some servers vulnerable to POODLE even if they disable SSL 3.0.[5] SSL Pulse showed "about 10% of the servers are vulnerable to the POODLE attack against TLS" before this vulnerability was announced.[26] The CVE-ID for F5 Networks' implementation bug is CVE-2014-8730. The entry in NIST's NVD states that this CVE-ID is to be used only for F5 Networks' implementation of TLS, and that other vendors whose products have the same padding-validation failure in their implementations, such as A10 Networks and Cisco Systems, need to issue their own CVE-IDs for their implementation errors, because this is not a flaw in the protocol but in the implementation.
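As an added illustration (not code from any of the advisories quoted above), the following Python compares the SSL 3.0 padding rule with the TLS rule on constructed decrypted CBC records. It shows why an implementation that inspects only the padding-length byte accepts garbage padding, which is exactly the validation failure the TLS variant above describes; a correct TLS server must check every padding byte and reject on any mismatch. Function names, the block size and the sample records are the example's own assumptions.

```python
import hmac

BLOCK = 16  # block size of the CBC cipher; the sample records below are constructed


def unpad_ssl3(plaintext: bytes):
    # SSL 3.0 rule (RFC 6101, 5.2.3.2): only the final byte is meaningful. It gives
    # the padding length and must be smaller than the block size. The padding
    # bytes themselves are never inspected, so any content is accepted as long as
    # the last byte is a plausible length. Returns the data, or None on failure.
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(plaintext):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def unpad_tls(plaintext: bytes):
    # TLS 1.0+ rule (RFC 5246, 6.2.3.2): every padding byte must equal pad_len.
    # The whole padding region is compared without short-circuiting so that the
    # position of a wrong byte is not leaked through timing.
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    expected = bytes([pad_len]) * (pad_len + 1)
    if not hmac.compare_digest(plaintext[-(pad_len + 1):], expected):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def accepted_by(plaintext: bytes) -> dict:
    # Which rule accepts this decrypted record? A TLS implementation that accepts
    # the non-uniform case behaves like SSL 3.0, which is the implementation
    # flaw behind the TLS variant of POODLE (for F5, CVE-2014-8730).
    return {"ssl3": unpad_ssl3(plaintext) is not None,
            "tls": unpad_tls(plaintext) is not None}


# Constructed 16-byte records: 13 bytes of application data + 3 bytes of padding
# (two padding bytes plus the length byte 0x02).
GOOD_RECORD = b"GET / HTTP/1." + b"\x02\x02\x02"     # TLS-conformant padding
SLOPPY_RECORD = b"GET / HTTP/1." + b"\x41\x99\x02"   # same length byte, garbage padding
```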