Remember October's flap about the vulnerability in SSL, known as POODLE? Remember all the smug people running servers that only supported TLS? Well, they may not be so smug this morning.
It turns out that some TLS implementations are vulnerable to a variant of the same 'padding' issue. Here we go again: In IT Blogwatch, bloggers patch, patch and patch once more.
Your humble blogwatcher curated these bloggy bits for your entertainment.
On today's journey, Lucian Constantin is our companion:
Webmasters who patched their sites against a serious SSL flaw discovered in October will have to check them again. ... The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers...to decrypt sensitive information.
…
Initially, researchers believed it affected only SSL [but] have now discovered that the issue also affects some implementations of TLS. ... Some major sites [are] vulnerable...because they were using load balancers from F5 Networks and A10 Networks. MORE
And Dan Goodin adds:
Some of the world's leading websites—including...Bank of America, VMware, the US Department of Veteran's Affairs, and...Accenture—are vulnerable.
…
As concerning as POODLE was to security professionals, it required attackers to follow several steps that could often prove difficult in real-world environments. [But] the newly disclosed attack against TLS is...slightly less demanding to carry out. ... About one in 10 websites are vulnerable to the new POODLE attack for TLS. MORE
So Richard Chirgwin brings this detail:
Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling of padding.
…
[And] there's no need for an attacker to try and force the target to fall back to SSL 3 (which, by the way, you should have eliminated entirely and forever from your network by now). MORE
Adam Langley first discovered the new vuln flavor in the wild:
If an SSLv3 decoding function was used with TLS, then the POODLE attack would work. ... This was noted by, at least, Brian Smith on the TLS list. [So I] wrote a scanner.
…
Unfortunately, I found a number of major sites that had this problem. ... F5 have posted patches for their products and A10 should be releasing updates [yesterday]. I'm not completely sure that I've found every affected vendor.
…
This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken...RC4 is fundamentally broken and no implementation can save it, attacks against MtE-CBC ciphers [are] practical. MORE
Meanwhile, Ivan Ristić points the finger:
It’s likely to affect some of the most popular web sites in the world, owing largely to the popularity of F5 load balancers.
…
If you recall, SSL 3 doesn’t require its padding to be in any particular format...opening itself to attacks. ... However, even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure. MORE
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.
