IT Blogwatch Security

Now P.O.O.D.L.E. poos on flaw in TLS

F5 and A10 gear is vulnerable

poodle tls
Credit: John Leslie (cc:by)

Remember October's flap about the vulnerability in SSL, known as POODLE? Remember all the smug people running servers that only supported TLS? Well, they may not be so smug this morning.

It turns out that some TLS implementations are vulnerable to a variant of the same 'padding' issue. Here we go again: In IT Blogwatch, bloggers patch, patch and patch once more.

curated these bloggy bits for your entertainment.


On today's journey, Lucian Constantin is our companion:

Webmasters who patched their sites against a serious SSL flaw discovered in October will have to check them again. ... The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers...to decrypt sensitive information.

Initially, researchers believed it affected only SSL [but] have now discovered that the issue also affects some implementations of TLS. ... Some major sites [are] vulnerable...because they were using load balancers from F5 Networks and A10 Networks.  MORE


And Dan Goodin adds:

Some of the world's leading websites—including...Bank of America, VMware, the US Department of Veteran's Affairs, and...Accenture—are vulnerable.

As concerning as POODLE was to security professionals, it required attackers to follow several steps that could often prove difficult in real-world environments. [But] the newly disclosed attack against TLS is...slightly less demanding to carry out. ... About one in 10 websites are vulnerable to the new POODLE attack for TLS.  MORE


So Richard Chirgwin brings this detail:

Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling of padding.

[And] there's no need for an attacker to try and force the target to fall back to SSL 3 (which, by the way, you should have eliminated entirely and forever from your network by now).  MORE


Adam Langley first discovered the new vuln flavor in the wild:

If an SSLv3 decoding function was used with TLS, then the POODLE attack would work. ... This was noted by, at least, Brian Smith on the TLS list. [So I] wrote a scanner.

Unfortunately, I found a number of major sites that had this problem. ... F5 have posted patches for their products and A10 should be releasing updates [yesterday]. I'm not completely sure that I've found every affected vendor.

This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken...RC4 is fundamentally broken and no implementation can save it, attacks against MtE-CBC ciphers [are] practical.  MORE


Meanwhile, Ivan Ristić points the finger:

It’s likely to affect some of the most popular web sites in the world, owing largely to the popularity of F5 load balancers.

If you recall, SSL 3 doesn’t require its padding to be in any particular format...opening itself to attacks. ... However, even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure.  MORE


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.