New Zombie POODLE Attack Bred from TLS Flaw

Published: 23/11/2024 | Category: security




Citrix issues update for encryption weakness dogging the popular security protocol.



Turns out a major design flaw discovered and patched five years ago in the old SSL 3.0 encryption protocol, which exposed secure sessions to the so-called POODLE attack, didn't really die: A researcher has unearthed two new related vulnerabilities in the newer TLS 1.2 crypto protocol.
Craig Young, a computer security researcher for Tripwire's Vulnerability and Exposure Research Team, found vulnerabilities in SSL 3.0's successor, TLS 1.2, that allow for attacks akin to POODLE due to TLS 1.2's continued support for a long-outdated cryptographic method: cipher block chaining (CBC). The flaws allow a man-in-the-middle (MitM) attacker to decrypt parts of a user's encrypted Web and VPN sessions.
"Specifically, there are products out there that did not properly remediate the first POODLE issue," says Young, who will detail his findings next month at Black Hat Asia in Singapore. He found the latest flaws while further researching, and then testing, just how an attacker could exploit the original POODLE MitM attack.
Among the affected vendors is Citrix, which is also the first to issue a patch for the flaw (CVE-2019-6485). The bug could allow an attacker to abuse Citrix's Application Delivery Controller (ADC) network appliance to decrypt TLS traffic.
"At Citrix, the security of our products is paramount and we take all potential vulnerabilities very seriously. In the case of the so-called POODLE attack, we have applied the appropriate patches to mitigate the issue and advised our customers on actions needed to secure their platforms," the company said in a statement given to Dark Reading. "We will continue to vigorously monitor our systems to ensure the integrity of our solutions and provide the highest levels of security for our customers around the world."
Young declined to name other vendors currently working on patches, but he says the products include Web application firewalls, load-balancers, and remote access SSL VPNs.
Young has christened the two new flaws Zombie POODLE and GOLDENDOODLE (CVE). With Zombie POODLE, he was able to revive the POODLE attack against a Citrix load balancer with a tiny tweak to the original attack, on systems that hadn't fully eradicated the outdated crypto methods. GOLDENDOODLE, meanwhile, is a similar attack with more powerful and rapid crypto-hacking performance. Even if a vendor has fully eradicated the original POODLE flaw, it still could be vulnerable to GOLDENDOODLE attacks, Young warns.
Some 2,000 of the Alexa Top 1 Million websites are vulnerable to Zombie POODLE, some 1,000 to GOLDENDOODLE as well, and hundreds are still vulnerable to the nearly 5-year-old POODLE, according to findings from Young's online scans.
It's not just small sites that are vulnerable, he says: "It seems to be more prevalent in sites that are spending more money on running websites, such as government agencies and financial institutions that run hardware acceleration systems like Citrix's platforms," he notes.
"This [issue] should have been put to bed four or five years ago," Young says, but some vendors either didn't fully remove support for the older and less secure ciphers or didn't fully patch for the POODLE attack flaw itself. Citrix, for instance, had not fully patched for the original POODLE, he says, leaving it open for the next-generation POODLE attacks.
The core problem, of course, is that HTTPS's underlying protocol (first SSL, now TLS) hasn't been properly purged of old cryptographic methods that are outdated and less secure. Support for these older methods, kept mainly to ensure that legacy browsers and client machines aren't locked out of websites, also leaves those websites vulnerable. Like its predecessor, TLS 1.2 is riddled with workarounds and countermeasures for protecting against abuse of the older crypto, such as CBC and RC4.
The new Zombie POODLE and GOLDENDOODLE attacks, like POODLE, are padding-oracle attacks: the attacker rearranges and modifies encrypted blocks of data in transit and, via a side channel (the server reacting differently to bad padding than to a bad MAC), learns bytes of the plaintext. The attack works like this: the attacker gets malicious JavaScript into the victim's browser, for example via code planted on a non-encrypted website the user visits. That script then makes repeated requests to the target HTTPS site while the attacker, positioned as a MitM, tampers with the encrypted records and watches the server's responses, ultimately recovering the victim's cookies and credentials from the secured Web session.
The First POODLE
The original POODLE flaw (Padding Oracle On Downgraded Legacy Encryption), aka CVE-2014-3566, was initially discovered by researchers at Google. It wasn't easy to execute, and neither is Zombie POODLE or GOLDENDOODLE. That's because attackers must be able to set up a MitM attack on the victim's network or via Wi-Fi.
"Every attack has to be rather targeted, and there are a lot of moving parts," Young says. "From the attacker's perspective, you have to know who you are targeting and what kind of system they are running so you can predict where the sensitive material is you are trying to steal. The goal of this attack is to steal an authentication cookie."
An attacker could gain access to the victim's SSL VPN and ultimately pose as that victim on the organization's VPN and move around the network, for example. That would require the attacker, on a public Wi-Fi network for instance, to employ ARP spoofing or to lure the user's client machine or phone onto a phony Wi-Fi hotspot, where the attacker could then discern the victim's authentication cookie for his or her VPN session.
Young says it's not likely the POODLE family of attacks is being exploited by cybercriminals, but even so, these attacks would be difficult to detect. Servers don't typically log for this type of activity, for example, he notes.
GOLDENDOODLE kicks it up a notch and executes the POODLE attack at a faster and more efficient rate, he explains. Why the seemingly silly name? It actually retrieves the key intel it needs: "[It's] deterministic such that the attacker is able to test whether the byte being decrypted has a specific value," Young explains.
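The mechanism behind the attack described above, and the deterministic byte test Young attributes to GOLDENDOODLE, can be modelled in a few dozen lines. The following is an added example, not code from Young, Tripwire or Citrix: it uses a constructed toy block cipher (a Feistel network over HMAC-SHA256, so it needs only the standard library), constructed keys and a constructed sample request, and a simplified TLS 1.2-style MAC-then-encrypt CBC record. The "leaky" server reports a padding failure differently from a MAC failure; the attacker, playing the MitM, moves a target ciphertext block to the end of the record and adjusts the block before it so that the decrypted final byte equals the target byte XOR a guess, which forms a single valid 0x00 padding byte exactly when the guess is right. Against a patched server that returns one error for both cases, the same code recovers nothing.

```python
import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes
MAC_LEN = 32  # HMAC-SHA256 tag length

# Toy 16-byte block cipher (4-round Feistel, HMAC-SHA256 round function), constructed
# so this runs on the standard library alone; the attack below does not depend on it.
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def seal_record(enc_key: bytes, mac_key: bytes, data: bytes, iv: bytes) -> bytes:
    """TLS 1.2-style MAC-then-encrypt CBC record with explicit IV:
    data || HMAC || padding, where the padding is p+1 bytes all equal to p."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()
    p = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return iv + cbc_encrypt(enc_key, iv, body + bytes([p] * (p + 1)))

def open_record(enc_key: bytes, mac_key: bytes, record: bytes, leaky: bool) -> str:
    """Server side. leaky=True models a stack whose reaction to bad padding differs
    from its reaction to a bad MAC (the oracle Zombie POODLE and GOLDENDOODLE use);
    leaky=False returns one generic error for both, as a patched stack should."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    pt = cbc_decrypt(enc_key, iv, ct)
    p = pt[-1]
    pad_ok = len(pt) >= p + 1 + MAC_LEN and all(b == p for b in pt[-(p + 1):])
    if not pad_ok:
        return "bad_padding" if leaky else "bad_record_mac"
    body = pt[:-(p + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(tag, expected) else "bad_record_mac"

def recover_last_byte(oracle, record: bytes, target: int):
    """MitM attacker: recover the last plaintext byte of ciphertext block `target`
    (block 0 is the IV) from the server's error behaviour alone. Guess g is tested
    deterministically: the target block is moved to the end of the record and the
    last byte of the block before it is set so the decrypted final byte equals
    P_target[15] XOR g. That is 0x00 (one valid padding byte) exactly when g is
    right, so only the right guess gets past the padding check to the MAC check."""
    blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
    if len(blocks) < 3 or not 1 <= target < len(blocks):
        raise ValueError("need an IV plus two blocks and a valid target index")
    hits = []
    for g in range(256):
        forged = list(blocks)
        pen = bytearray(blocks[-2])
        pen[-1] = blocks[target - 1][-1] ^ g
        forged[-2], forged[-1] = bytes(pen), blocks[target]
        if oracle(b"".join(forged)) == "bad_padding":
            continue
        # Rule out a wrong guess that happens to form longer valid padding: with a
        # single 0x00 pad byte, flipping the second-to-last byte changes nothing.
        pen[-2] ^= 0x01
        forged[-2] = bytes(pen)
        if oracle(b"".join(forged)) != "bad_padding":
            hits.append(g)
    return hits[0] if len(hits) == 1 else None  # None: server gives no usable oracle

# Constructed sample request and keys; the session cookie is what the attacker wants.
SAMPLE_REQUEST = b"GET / HTTP/1.1\r\nCookie: session=SECRET-TOKEN-123\r\n\r\n"
ENC_KEY, MAC_KEY, IV = b"constructed-enc-key", b"constructed-mac-key", bytes(range(16))

def demo(leaky: bool) -> list:
    record = seal_record(ENC_KEY, MAC_KEY, SAMPLE_REQUEST, IV)
    oracle = lambda rec: open_record(ENC_KEY, MAC_KEY, rec, leaky)
    # Last byte of each of the three request blocks: '\n', '=', '3'
    return [recover_last_byte(oracle, record, k) for k in (1, 2, 3)]

if __name__ == "__main__":
    print("leaky server  :", demo(True))   # [10, 61, 51]
    print("patched server:", demo(False))  # [None, None, None]
```

In the real attack the injected browser script is what lets the attacker choose which cookie byte lands in the last position of a block, request after request, which is why Young stresses that the attacker must know the target system well enough to predict where the sensitive material sits. The model above ignores timing: a patched server returning the same alert for both failures is necessary but, on its own, not sufficient if the two paths still take measurably different time.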
Go TLS 1.3
The long-term fix for POODLE-based attacks is adoption of the latest version of the TLS encryption protocol, TLS 1.3, which deleted the older crypto methods like CBC rather than including confusing and easily misconfigured workarounds. It takes away all nonauthenticated ciphers so attacks like POODLE and its successors can't be executed, Young says.
While TLS 1.3 is available in popular browsers and networking products, website operators have been slow to deploy it mainly out of fear that the move will inadvertently break something.
Meantime, organizations not quite ready to go full TLS 1.3 just yet can disable all CBC cipher suites in their TLS 1.2-based systems to protect themselves from the new attacks. Young says his recent scans are showing some organizations he contacted about their sites' vulnerabilities to the POODLE family are now all clear: "I have ... noticed some websites that are able to remediate the flaw without disabling CBC or patching, but it's not clear what workarounds they employed," he says.
The challenge is that larger websites often must support older Web browsers, Android devices, and Windows systems connecting to them. "While I'd like these businesses to disable CBC ciphers, it would probably create business issues for them if older client systems couldn't reach their sites," he says.
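One way to verify the interim mitigation described above (TLS 1.2 kept, every CBC suite dropped) is to audit what a server context will actually offer, since a "no CBC" intent is easy to get wrong in a cipher string. The following is an added example, not from the article or Tripwire: the two cipher strings are assumptions for illustration, and the classification relies on the Mac= field in OpenSSL's per-suite description, which reads AEAD for GCM and ChaCha20-Poly1305 suites and names a hash for MAC-then-encrypt (CBC) suites. Note that set_ciphers() governs only the TLS 1.2-and-older suite list; TLS 1.3 suites are AEAD-only and appear in the audit as such.

```python
import ssl

# Cipher strings constructed for this example (assumptions, not Citrix's or anyone's config).
LEGACY_CIPHERS = "HIGH:!aNULL"                               # still offers AES-CBC suites
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"  # AEAD only, no CBC

def server_context(cipher_string: str) -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 3.0 / TLS 1.0 / 1.1 never negotiated
    ctx.set_ciphers(cipher_string)
    return ctx

def audit(ctx: ssl.SSLContext) -> dict:
    """Split the suites the context will offer into AEAD suites and MAC-then-encrypt
    (CBC) suites, using the Mac= field of OpenSSL's per-suite description string."""
    result = {"aead": [], "mac_then_encrypt": []}
    for c in ctx.get_ciphers():
        fields = dict(t.split("=", 1) for t in c["description"].split() if "=" in t)
        bucket = "aead" if fields.get("Mac") == "AEAD" else "mac_then_encrypt"
        result[bucket].append(f'{c["name"]} ({c["protocol"]})')
    return result

if __name__ == "__main__":
    for label, cipher_string in (("legacy", LEGACY_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        report = audit(server_context(cipher_string))
        print(f"{label}: {len(report['aead'])} AEAD suites, "
              f"{len(report['mac_then_encrypt'])} CBC / MAC-then-encrypt suites")
        for name in report["mac_then_encrypt"]:
            print("  still offers", name)
```

Run against a real deployment, the "legacy" list is where Young's compatibility concern bites: each CBC suite it shows is one that some older client may depend on, so the decision to cut it should be made per suite with client telemetry in hand rather than by blanket policy.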
At Black Hat Asia, Young plans to release the scanning tool he created for his research so that vendors and security experts can test for Zombie POODLE and GOLDENDOODLE. Tripwire's IP360 scanner also detects the flaws, he notes.
Meantime, researchers at NCC Group today published new research on an attack that would downgrade TLS 1.3 to the older, more vulnerable versions.
Related Content:
TLS 1.3 Won't Break Everything
Access Control Lists: 6 Key Principles to Keep in Mind
Preparing for Transport Layer Security 1.3
Crypto In The Crosshairs Again