As mentioned in our previous recipe, Obtaining HTTPS parameters with SSLScan, it is possible, in some conditions, for a man-in-the-middle attacker to downgrade the secure protocol and cipher suites used in an encrypted communication.
A Padding Oracle On Downgraded Legacy Encryption (POODLE) attack uses this condition to downgrade a TLS communication to SSLv3 and forces the use of cipher suites (CBC) that can be easily broken and then the communication decrypted.
In this recipe, we will use an Nmap script to detect the existence of such a vulnerability on our test server.
We will have to install Nmap and download the script made specially to detect this vulnerability:
- Go to
http://nmap.org/nsedoc/scripts/ssl-poodle.html. - Download the
ssl-poodle.nsefile. - Let's say, it was downloaded to
/root/Downloadsin your Kali Linux installation. Now open a terminal and copy it to the Nmap'sscriptsdirectory:cp /root/Downloads/ssl-poodle.nse /usr/share/nmap/scripts/
Once you have the script installed, perform the following steps:
- Go to the terminal and run:
nmap --script ssl-poodle -sV -p 443 192.168.56.102
We told Nmap to scan port 443 on 192.168.56.102 (our vulnerable_vm), identify the service's version and execute the ssl-poodle script on it. As a result, we can conclude that the server is vulnerable because it allows SSLv3 with the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite.
The Nmap script we downloaded establishes a secure communication with the tested server and determines if it supports CBC ciphers over SSLv3. If it does, it is vulnerable; leading to the risk that any intercepted information can be decrypted by the attacker in a relatively short time.
To understand this attack better, you can check some explanations from the most basic aspects to the cryptographic implications:
- Möller, Duong, and Kotowicz, This POODLE Bites: Exploiting the SSL 3.0 Fallback, https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://en.wikipedia.org/wiki/Padding_oracle_attack
- https://en.wikipedia.org/wiki/Padding_%28cryptography%29#Block_cipher_mode_of_operation