SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability

A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information.

The vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform an “oracle padding” side channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.

Consult the bug release note for additional information about affected products and configurations.

F5 Networks has confirmed the vulnerability in a security advisory and released software updates.

Attacks exploiting this vulnerability are identified as Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks, which could be used to disclose HTTP cookies or other HTTP authorization content that is being transmitted over an TLSv1.x secure session. This issue should not be confused with CVE-2014-3566, as described in Cisco Alert 36084[“https://sec.cloudapps.cisco.com/security/center/viewAlert.x?alertId=36084”].

It should be noted that oracle does not refer to the software company of the same name, but to a term used in cryptography.

To exploit the vulnerability, the attacker may require access to a trusted, internal network to perform man-in-the-middle attacks on a targeted system. This access requirement limits the likelihood of a successful exploit.