
What are the SSL attacks? 

Drown, Freak, and Poodle 

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server. The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol.

FREAK (Factoring Attack on RSA-EXPORT Keys, CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

Who is affected?

  • Any service that still offers SSLv2 (DROWN), SSLv3 (POODLE), or export-grade ciphers (FREAK)

  • You may have received an email from us

How do I fix this?

DROWN

Disable SSLv2. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS.

How to fix common services?

Apache, Postfix, Nginx, Debian, Red Hat

POODLE

Disable SSLv3. Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.

How to fix common services?

Apache, Postfix, Nginx, Tomcat, Red Hat


FREAK

Disable support for any export cipher suites. However, instead of simply excluding the RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites beyond the RSA ones) and to enable forward secrecy.

How to fix common services?

Apache, Postfix, Nginx, Red Hat
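As an added example (not code from this page or from the projects linked above), a Python check that audits an Apache or nginx TLS configuration fragment for the three settings discussed here: SSLv2 still enabled (DROWN), SSLv3 still enabled (POODLE), and an OpenSSL cipher string that can still admit export-grade suites (FREAK). The function names, the sample fragments and the conservative cipher-string heuristic are my own assumptions; the only authoritative check remains a scan of the live service, as described in the verification section.

```python
import re

# SSLv2 must go (DROWN), SSLv3 must go (POODLE); broad cipher keywords can pull in export suites (FREAK).
LEGACY_PROTOCOLS = {"SSLV2", "SSLV3"}
BROAD_KEYWORDS = {"ALL", "DEFAULT", "COMPLEMENTOFALL", "COMPLEMENTOFDEFAULT", "LOW"}
EXPORT_KEYWORDS = {"EXP", "EXPORT", "EXPORT40", "EXPORT56"}


def export_suites_possible(cipher_string):
    """Conservative heuristic: may this OpenSSL cipher string still enable export suites?"""
    tokens = [t.strip() for t in cipher_string.split(":") if t.strip()]
    if any(t.startswith("!") and t[1:].upper() in EXPORT_KEYWORDS for t in tokens):
        return False  # a '!' kill cannot be undone later in the string
    for t in tokens:
        base = t.lstrip("+").upper()
        if t[0] not in "!-" and (base in EXPORT_KEYWORDS or base in BROAD_KEYWORDS):
            return True  # export suites named directly or reachable via a broad keyword
    return False


def apache_enabled_protocols(spec):
    """Expand an Apache SSLProtocol value such as 'all -SSLv2 -SSLv3' into the enabled set."""
    # 'all' is treated as including SSLv2/SSLv3, as older Apache/OpenSSL builds did (assumption).
    enabled = set()
    for tok in spec.split():
        name = tok.lstrip("+-").upper()
        versions = {"SSLV2", "SSLV3", "TLSV1", "TLSV1.1", "TLSV1.2"} if name == "ALL" else {name}
        enabled = enabled - versions if tok.startswith("-") else enabled | versions
    return enabled


def audit_tls_config(text, flavour):
    """Return findings for an Apache ('apache') or nginx ('nginx') config snippet."""
    if flavour == "apache":
        protos = [apache_enabled_protocols(m) for m in re.findall(r"^\s*SSLProtocol\s+(.+?)\s*$", text, re.M | re.I)]
        ciphers = re.findall(r"^\s*SSLCipherSuite\s+(\S+)", text, re.M | re.I)
    else:  # nginx lists the enabled versions explicitly
        protos = [set(m.upper().split()) for m in re.findall(r"^\s*ssl_protocols\s+([^;]+);", text, re.M | re.I)]
        ciphers = re.findall(r"^\s*ssl_ciphers\s+['\"]?([^'\";]+)", text, re.M | re.I)
    findings = []
    for enabled in protos:
        for legacy in sorted(enabled & LEGACY_PROTOCOLS):
            findings.append(f"{legacy} enabled ({'DROWN' if legacy == 'SSLV2' else 'POODLE'})")
    for c in ciphers:
        if export_suites_possible(c):
            findings.append(f"export suites possible in cipher string {c!r} (FREAK)")
    return findings


# Constructed sample fragments (not from a real host): a weak vhost beside its corrected form.
WEAK_APACHE = "SSLEngine on\nSSLProtocol all -SSLv2\nSSLCipherSuite ALL:!aNULL\n"
FIXED_APACHE = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:!aNULL:!EXPORT\n"
WEAK_NGINX = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\nssl_ciphers ALL:!aNULL;\n"
```

Run `audit_tls_config(WEAK_APACHE, "apache")` to see the POODLE and FREAK findings for the weak fragment; the corrected fragment returns an empty list.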

How to verify it is fixed?

  • What bad looks like after running ssltest

  • What good looks like after running ssltest. You need at least a B, or a T (a T means the configuration would score B or A but the certificate is not trusted)

Resources

More info: 

DROWN

https://drownattack.com/#mitigation

https://drownattack.com/

https://drownattack.com/drown-attack-paper.pdf

http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5

https://www.openssl.org/news/secadv/20160301.txt

https://github.com/nimia/public_drown_scanner

http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html

https://blog.qualys.com/securitylabs/2016/03/01/drown-abuses-ssl-v2-to-attack-rsa-keys-and-tls

https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

http://arstechnica.com/security/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack/


More details: exactly how the DROWN attack works

Figure A) Servers that support SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings.

Figure B) Servers whose private key is used on any other server that allows SSLv2 connections, even for another protocol.

POODLE

https://www.imperialviolet.org/2014/10/14/poodle.html

https://www.openssl.org/~bodo/ssl-poodle.pdf

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00


https://poodle.io/servers.html


FREAK

https://freakattack.com/

https://www.openssl.org/news/openssl-0.9.8-notes.html

https://www.openssl.org/news/secadv/20150108.txt

https://www.openssl.org/news/vulnerabilities.html

https://www.smacktls.com/#freak

http://www.symantec.com/connect/blogs/freak-vulnerability-what-you-need-know