Browse Definitions :
Definition

POODLE Attack

What is a POODLE attack?

The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.

In October 2014, the United States Computer Emergency Readiness Team (US-CERT) issued an advisory about a vulnerability associated with the encryption that protects internet traffic. The security flaw, POODLE (Padding Oracle On Downgraded Legacy Encryption), allows attackers to decrypt network traffic between a client and a server.

SSL 3.0 and SSL 2.0, older versions of the Transport Layer Security (TLS) protocol used to encrypt and authenticate data sent over the internet, are vulnerable to POODLE attacks. In addition, while the industry deprecated these protocols -- replacing them with newer and more secure TLS connections -- a small number of browsers still support SSL. An attacker attempting to exploit POODLE can force these browsers to downgrade to SSL 3.0 when TLS is unavailable by inserting themselves into the communication session.

Transport layer at Layer 4 of the OSI communications model
Open Systems Interconnection (OSI) communications model positions the transport layer at Layer 4, where it ensures the reliable arrival of messages across a network, checks for errors and provides data flow controls.

How do POODLE attacks work?

The POODLE security flaw enables a man-in-the-middle (MiTM) attacker to eavesdrop on supposedly secure communications. This means attackers can exploit POODLE to steal users' private information and -- possibly -- impersonate the user, resulting in the user losing control over the exploited web application.

A POODLE attack is not simple to employ and requires success at each of the following three stages:

  1. In the initial stage, an attacker gains access to victims' sensitive data by performing a successful MiTM attack. An MiTM attack is a form of active eavesdropping where an attacker surreptitiously inserts themselves between two parties communicating over the internet to intercept and relay messages to and from them. So, while the victims believe they are talking directly to each other over a private connection, the attacker is in fact controlling the entire conversation.

  2. During the second stage, the attacker forces the server to switch to SSL 3.0 protocol. They do this by continually dropping connections during the MiTM attack until the service switches to an older protocol if it is not possible to switch to a newer protocol such as TLS 1.2. This stage of the POODLE attack is known as the downgrade attack.

  3. Once the server switches to SSL 3.0, the attacker uses POODLE to retrieve information from encrypted packets. This means they can intercept the vulnerable client's session and view the information in unencrypted data as plaintext.

How to prevent and repair POODLE attacks

Any server that supports SSL 3.0 and older versions of TLS is vulnerable to a POODLE attack. Modern versions of TLS are safe, and today's browsers block sites that use old versions of TLS (1.0, 1.1). A server configured to support only newer protocols (TLS 1.2, 1.3) prevents the possibility of a POODLE attack.

What is the POODLE vulnerability?

The POODLE vulnerability impacts certain cipher suites defined within a security protocol, including TLS and SSL. Cipher suites are cryptographic algorithms and key exchange methods used to establish secure connections between a client and a server. When block ciphers encrypt cipher suites, a private and public key is generated using asymmetric encryption. The communication between the user and server uses the key for encryption.

The POODLE attack relies on victims using the least secure encryption mode possible: cipher-block chaining (CBC) mode. CBC mode is a message encryption mode for block ciphers. In this mode, each block is XORed with the previous ciphertext block before encryption. In cryptography, the XOR logical operator applied to two equal-length strings yields a result that has the same length as the operands.

What is padding?

In cryptography, padding -- the P in POODLE attack -- refers to data added to plaintext before encryption. Padding is necessary to prevent a cipher from being vulnerable to a known plaintext attack.

In the context of SSL/TLS (HTTPS) connections, padding ensures the length of the plaintext transmitted over an encrypted connection is a multiple of the cipher block size as required in block cipher algorithms. Cryptographers refer to the process of adding padding as "padding" or "padding oracle."

How a TLS (transport layer security) handshake works
The most widely deployed security protocol, Transport Layer Security (TLS) delivers authentication, privacy and data integrity between communicating computer applications.

A padding oracle on CBC mode encryption allows a passive attacker to decrypt ciphertext without knowing the encryption key or even the plaintext. The attacker modifies encrypted data, and the server responds with an error message indicating that either the padding or message authentication code (MAC) is incorrect. By knowing that the same plaintext was encrypted using the same initialization vector (IV), an attacker is able to determine the plaintext bytes size with a high probability.

MAC-then-encrypt. The SSL/TLS protocol secures data exchanged over the network and ensures the integrity of data in transit. MAC, on the other hand, is a cryptographic technique -- sometimes referred to as a cryptographic hash -- used to verify no one has altered a message. The MAC-then-encrypt process calculates and inserts the MAC value, then encrypts data and padding before sending it to another computer.

History of SSL and TLS protocols

SSL and TLS are both established protocols for encrypting connections over the internet. Created by Netscape in the early 1990s, SSL served as a way to secure communication over the internet and make sure that data was authentic. TLS today serves as a more secure replacement for SSL.

A timeline of SSL and TSL development:

  • SSL 2.0. Released in 1995, this version of SSL is now prohibited by the Internet Engineering Task Force (see RFC-6176).
  • SSL 3.0. Released in 1996, SSL 3.0 is deprecated, but a few browsers still support it (RFC-7568).
  • TLS 1.0. Released in 1999 and deprecated in 2020.
  • TLS 1.1. Released in 2006 and deprecated in 2020.
  • TLS 1.2. Released in 2008 and still has no security issues.
  • TLS 1.3. Released in 2018 and continues to be the main protocol used today without any known vulnerabilities.

Other SSL/TLS vulnerabilities

A POODLE attack is not the only SSL/TLS vulnerability. Others include the following:

BEAST attack (CVE-2011-3389) vulnerability is a form of MiTM attack that uses a CBC algorithm in order to exploit vulnerabilities in a browser's implementation of the SSL/TLS protocols.

SWEET32 attack (CVE-2016-2183) vulnerability is a plaintext recovery attack on 64-bit block ciphers in CBC mode.

This was last updated in April 2021

Continue Reading About POODLE Attack

Networking
  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

Security
  • virus (computer virus)

    A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an ...

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the ...

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is...

CIO
  • B2B (business to business)

    B2B (business-to-business) is a type of commerce involving the exchange of products, services or information between businesses, ...

  • return on investment (ROI)

    Return on investment (ROI) is a crucial financial metric investors and businesses use to evaluate an investment's efficiency or ...

  • big data as a service (BDaaS)

    Big data as a service (BDaS) is the delivery of data platforms and tools by a cloud provider to help organizations process, ...

HRSoftware
  • talent acquisition

    Talent acquisition is the strategic process an organization uses to identify, recruit and hire the people it needs to achieve its...

  • human capital management (HCM)

    Human capital management (HCM) is a comprehensive set of practices and tools used for recruiting, managing and developing ...

  • Betterworks

    Betterworks is performance management software that helps workforces and organizations to improve manager effectiveness and ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close