What is POODLE and how does it affect organizations?
On Tuesday, October 14th, Google researchers, Bodo Möller, Thai Duong and Krzysztof Kotowicz discovered a subtle but significant security weakness in version 3.0 of the SSL protocol. This bug, CVE-2014-3566, is being referred to as POODLE – Padding Oracle On Downgraded Legacy Encryption and is said to have a severity level of Medium. Although this particular vulnerable version of SSL is approximately 15 years old, it is still widely used and supported on most browsers. As a result, this vulnerability has the potential of affecting a significant number of individuals and organizations.
Transport Layer Security (TLS) and its predecessor, SSL 3.0, are commonly used to encrypt data between a user and their web server and provide a secure connection for the user. If a secure connection between the browser and the web server cannot be negotiated using the most updated version of TLS, it will downgrade to make the connection using an older version of SSL such as SSL 3.0. This is where the problem starts because the flaw in SSL 3.0 essentially allows hackers to gain access to encrypted information such as HTTP cookies used in the session.
This vulnerability is not as critical as Shellshock or Heartbleed. However, it is important to fix this issue as this puts all sensitive data such as bank account information, login information, emails and more at risk of being exposed to hackers.
Recommendations: Protecting your organization
Check Point Customers
- Check Point products are not vulnerable to the “POODLE Bites” vulnerability (CVE-2014-3566). See our Security Alert: sk102989
- Implement the IPS protection, CPAI-2014-1909, to detect or block the use of SSL 3.0
- Configure Multi Portal, HTTPS Inspection, and Check Point OS to prevent web browser use of SSL 3.0
Non Check Point Customers
- Use Active Directory Group Policy Objects to disable the use of SSL 3.0
- Update your browser when a patch is available
- Disable SSL 3.0 in your clients and servers
- Test if your browser is vulnerable at www.poodletest.com
- Test if a particular domain name is vulnerable at www.poodlescan.com
To learn more about this vulnerability, please visit: