[Ach] POODLE on TLS < 1.2

Aaron Zauner azet at azet.org
Wed Dec 10 13:47:45 CET 2014

Relevant to this thread:

Unfortunately, my scans indicate that 3.6% of servers do not check the
padding for at least one TLS 1.x version when the protocol version of
the connection is TLS 1.0 or higher. This means that, even if they have
disabled SSL v3 (which 43% of the affected servers fortunately do),
those servers are still vulnerable to a POODLE-style attack! This can
happen because either the server only supports that version, or the
attacker can just force the client back to whichever TLS version is
vulnerable, and even worse is that 4.24% of TLS 1.2 servers have this
problem even for TLS 1.2, which means no rollback attack is needed, at
all, when attacking these servers.

A worrying part of what I found is that, while most of the affected
servers were vulnerable for TLS 1.0, 3.3% of the affected servers were
not vulnerable for TLS 1.0, but were for either TLS 1.1 and/or TLS 1.2.
Considering that the format of the padding is the same in all three
versions of TLS, by rights, if a server has the problem for one version,
it should have it for the other versions it implements.
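The padding rule the quoted text relies on, shown as an added example that is not code from the original post or from the scanner it describes: TLS 1.0 through 1.2 (RFC 5246, section 6.2.3.2) require that every padding byte equal the padding-length byte, whereas SSL 3.0 only defined the length byte and left the rest unchecked. A TLS server that still applies the SSLv3-style check accepts malformed padding, which is exactly the behaviour the scan counts as "does not check the padding". The function names, the sample plaintexts and the corrupted block are constructed here for illustration.

```python
"""Correct TLS 1.x CBC padding check versus the lax SSLv3-style check.

Constructed example: the records below are plaintext blocks as they look
after CBC decryption, before the MAC is verified.
"""
import hmac
from typing import Callable, Optional


def tls_padding_valid(block: bytes) -> bool:
    """TLS 1.0-1.2 rule (RFC 5246 6.2.3.2): the last byte is padding_length,
    and each of the padding_length bytes before it must hold that same value."""
    if not block:
        return False
    pad_len = block[-1]
    # padding_length plus the length byte itself must fit in the record
    if pad_len + 1 > len(block):
        return False
    padding = block[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest avoids leaking which byte differed; a production
    # implementation must also keep the surrounding MAC check constant-time
    return hmac.compare_digest(padding, expected)


def sslv3_padding_valid(block: bytes) -> bool:
    """SSL 3.0 rule: only the length byte is examined, the padding content is
    ignored. A TLS server that behaves like this is what the scan flags."""
    if not block:
        return False
    pad_len = block[-1]
    return pad_len + 1 <= len(block)


def pad(data: bytes, block_size: int = 16) -> bytes:
    """Append TLS-style padding: pad_len + 1 bytes, each with value pad_len,
    so that the result is a multiple of block_size."""
    pad_len = (block_size - (len(data) + 1) % block_size) % block_size
    return data + bytes([pad_len]) * (pad_len + 1)


def strip_padding(block: bytes, check: Callable[[bytes], bool]) -> Optional[bytes]:
    """Return the payload if `check` accepts the padding, else None."""
    if not check(block):
        return None
    return block[:-(block[-1] + 1)]


def corrupt_padding(block: bytes) -> bytes:
    """Constructed malformed record: keep the length byte intact but change
    the first padding byte, so the padding no longer matches its length."""
    pad_len = block[-1]
    first_pad = len(block) - (pad_len + 1)
    return block[:first_pad] + b"\x00" + block[first_pad + 1:]


if __name__ == "__main__":
    good = pad(b"hello")              # 5 bytes + 11 bytes of 0x0a
    bad = corrupt_padding(good)
    print("TLS check   good/bad:", tls_padding_valid(good), tls_padding_valid(bad))
    print("SSLv3 check good/bad:", sslv3_padding_valid(good), sslv3_padding_valid(bad))
```

The difference between the two checks is the whole finding: a server using `sslv3_padding_valid` still returns the payload of `bad`, while a compliant server rejects it before the MAC is even computed. Note that the rule is identical for TLS 1.0, 1.1 and 1.2, which is why a server that gets it wrong for one version would be expected to get it wrong for the others.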

