This week has brought the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability — POODLE (Padding Oracle On Downgraded Legacy Encryption) — public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3 and, in particular, its CBC-mode ciphers. This vulnerability opens the door to possible man-in-the-middle attacks.
Adam Langley of Google provides some additional insight into POODLE:
“This should be an academic curiosity because SSLv3 was deprecated very nearly 15 years ago. However, the Internet is vast and full of bugs. The vastness means that a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version. Thus, this attack is widely applicable.” (Emphasis not added)
He also provided some guidance for mitigation via TLS_FALLBACK_SCSV.
And Matthew Green, Assistant Research Professor of the Johns Hopkins Information Security Institute, provides an excellent summary of the vulnerability on his blog:
“it allows a clever attacker who can (a) control the Internet connection between your browser and the server, and (b) run some code (e.g., script) in your browser to potentially decrypt authentication cookies for sites such as Google, Yahoo and your bank.”
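The quotes above describe POODLE as a padding oracle against SSLv3's CBC ciphers. The reason SSLv3 specifically is affected is how it validates CBC padding after decryption: TLS 1.0 and later require every padding byte to equal the padding length, whereas SSLv3 only checks that the final byte is a valid length and ignores the contents of the other padding bytes (and its MAC does not cover the padding either). The following is an added example, not code from the Zimbra post or from the researchers; it implements both validation rules on already-decrypted record plaintext (no cipher or network involved) so the difference can be seen on a constructed record.

```python
"""
Added example: SSLv3 versus TLS CBC padding validation.

Both functions take the plaintext that CBC decryption would produce for a
record and decide whether its trailing padding is acceptable. MAC
verification is deliberately omitted; in SSLv3 the MAC does not cover the
padding bytes, so it would not catch tampered padding anyway.
"""


def sslv3_padding_ok(decrypted: bytes, block_size: int = 16) -> bool:
    """SSLv3 rule (RFC 6101): the last byte is the padding length, which must be
    less than the cipher block size; the padding bytes themselves are NOT checked."""
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    return pad_len < block_size and len(decrypted) >= pad_len + 1


def tls_padding_ok(decrypted: bytes) -> bool:
    """TLS 1.0+ rule: the last byte is the padding length, and every one of the
    preceding pad_len bytes must equal that same value."""
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    if len(decrypted) < pad_len + 1:
        return False
    padding = decrypted[-(pad_len + 1):]
    return all(b == pad_len for b in padding)


def compare_rules(decrypted: bytes, block_size: int = 16) -> tuple:
    """Return (accepted_by_sslv3, accepted_by_tls) for one decrypted record."""
    return (sslv3_padding_ok(decrypted, block_size), tls_padding_ok(decrypted))


# Constructed sample records (16-byte block cipher, one full block of padding).
# A well-formed record: 15 padding bytes of 0x0f followed by the length byte 0x0f.
GOOD_RECORD = b"GET / HTTP/1.1" + bytes([15]) * 16
# The same record with the padding bytes replaced by arbitrary values; only the
# final length byte is left intact. This is the situation an on-path party can
# create by substituting ciphertext blocks.
TAMPERED_RECORD = b"GET / HTTP/1.1" + bytes(range(1, 16)) + b"\x0f"
# Length byte equal to the block size: invalid under the SSLv3 rule.
OVERLONG_RECORD = b"x" * 16 + b"\x10"


if __name__ == "__main__":
    for name, rec in [("good", GOOD_RECORD), ("tampered", TAMPERED_RECORD),
                      ("overlong", OVERLONG_RECORD)]:
        s3, tls = compare_rules(rec)
        print(f"{name:9s} sslv3={s3!s:5s} tls={tls}")
```

The tampered record is accepted by the SSLv3 rule and rejected by the TLS rule. That accept/reject difference is the "oracle": a server that keeps SSLv3 enabled answers a yes/no question about bytes it should never have checked so loosely, which is why the fix below is to turn SSLv3 off rather than to patch the cipher.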
Zimbra and POODLE
Zimbra has provided guidance below regarding Zimbra’s products. For customers or partners: 1) if you leverage an SSL offload appliance, please reach out to your appliance provider for guidance; 2) if Zimbra is hosting your solution, you will receive a direct communication from Zimbra in the next 48 hours.
We will provide updates to this post as new developments take shape. Thank you for your patience and understanding.
Zimbra is providing documentation for how to disable SSLv3 for all instances of Zimbra Collaboration (8.0.x & 8.5.x), and is tracking the vulnerability in Zimbra’s bugzilla.
For our community/social product, you must disable SSLv3 on your IIS server, for which Microsoft has provided guidance.
The original Microsoft post contains an error: it doesn’t specify the name of the DWORD value that needs to be changed (or created). The correct value is named “Enabled”. If it already exists, set it to “0” as the article specifies; if it does not, create it per the article’s instructions.
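Because the value name is the part the Microsoft article omits, it is worth checking an exported registry fragment rather than trusting that the edit was made. The following is an added example, not part of the Zimbra post or Microsoft’s guidance: it parses the text of a `.reg` export and reports whether the SSL 3.0 server setting is actually off. The key path under `SCHANNEL\Protocols` is the standard Schannel location (it is not reproduced in the post), and the sample exports are constructed inline.

```python
"""
Added example: audit a Windows registry export for the SSL 3.0 server switch.

Schannel reads the DWORD value "Enabled" under the "SSL 3.0\\Server" key. The
value must exist and be 0 for SSLv3 to be off; a misspelled value name (the
trap the post warns about) is silently ignored by Windows.
"""
import re

# Standard Schannel location (assumed here; the post does not reproduce the path).
SSL3_SERVER_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"
    r"\SCHANNEL\Protocols\SSL 3.0\Server"
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_export(text: str) -> dict:
    """Return {key_path_lower: {value_name_lower: int}} for the DWORD values in a
    .reg export. Registry key and value names are case-insensitive, hence lower()."""
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            values.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            values[current][m.group(1).lower()] = int(m.group(2), 16)
    return values


def sslv3_server_state(reg_text: str) -> str:
    """'disabled' only when the value named exactly "Enabled" is present and 0.
    A missing key or value means the fix from the post has not been applied."""
    key = parse_reg_export(reg_text).get(SSL3_SERVER_KEY.lower())
    if key is None or "enabled" not in key:
        return "not configured"
    return "disabled" if key["enabled"] == 0 else "enabled"


# Constructed sample exports (real .reg files are UTF-16LE; use
# open(path, encoding="utf-16") when reading one from disk).
FIXED_EXPORT = f"""Windows Registry Editor Version 5.00

[{SSL3_SERVER_KEY}]
"Enabled"=dword:00000000
"""

# The value was created with the wrong name; Windows ignores it and SSLv3 stays on.
TYPO_EXPORT = f"""Windows Registry Editor Version 5.00

[{SSL3_SERVER_KEY}]
"Enable"=dword:00000000
"""

UNFIXED_EXPORT = f"""Windows Registry Editor Version 5.00

[{SSL3_SERVER_KEY}]
"Enabled"=dword:00000001
"""

if __name__ == "__main__":
    for label, export in [("fixed", FIXED_EXPORT), ("typo", TYPO_EXPORT),
                          ("unfixed", UNFIXED_EXPORT)]:
        print(f"{label:8s} SSL 3.0 server: {sslv3_server_state(export)}")
```

On a live host, export the `SCHANNEL\Protocols` key with `reg export` and feed the file to `sslv3_server_state`; anything other than `disabled` means the server still needs the change from the article, and a reboot is required before Schannel picks the new value up.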
Zimbra Sync and Share (formerly Mezeo)
While Zimbra Sync and Share is not publicly available, we want to provide guidance for anyone running the software.
The server typically relies on SSL termination at the load balancer rather than in the product itself. In cases where customers’ needs require a load balancer, we help customers deploy HAProxy, whose developers have written a POODLE mitigation blog post for their product.
Several browser, server and OS vendors have posted tech notes or blogs: