Nmap Development mailing list archives

Re: POODLE vulnerability in TLS not just SSL


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 9 Dec 2014 10:53:18 -0600

Copy-pasting from my comment on Reddit:

[ssl-poodle only tests] for the known-bad condition of SSLv3 with CBC
cipher support. The article is saying that even TLSv1.0 and higher can be
vulnerable if the implementation is not strict enough.

I considered how to write an Nmap script for this new condition, but
there's not really a good way to do it, since it has to modify the way that
data is sent post-handshake (by using random padding instead of PKCS #7
padding), which OpenSSL doesn't let you do. The only alternative I can see
at the moment is implementing a full TLS client in Lua, or at least most of
one and binding the core crypto stuff to OpenSSL.


Dan

On Tue, Dec 9, 2014 at 9:46 AM, Jasey DePriest <jrdepriest () gmail com> wrote:

With the revelation that the POODLE attack can be used against some
implementations of TLS, will the ssl-poodle script be updated to detect
vulnerable systems?

Qualys SSLLabs already checks for it as POODLE (TLS).

References:

http://arstechnica.com/security/2014/12/meaner-poodle-bug-that-bypasses-tls-crypto-bites-10-percent-of-websites/
https://isc.sans.edu/forums/diary/POODLE+Strikes+Bites+Again/
https://www.imperialviolet.org/2014/12/08/poodleagain.html
https://www.ietf.org/mail-archive/web/tls/current/msg14058.html
https://www.ietf.org/mail-archive/web/tls/current/msg14072.html

---

Thanks!
Jasey DePriest

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
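
The difference between a strict and a not-strict-enough implementation discussed in this message, as an added example that is not part of the original thread or of Nmap's code. It works on already-decrypted record plaintext only (no handshake, cipher or MAC), and all function names and the sample record are constructed for illustration.

```python
BLOCK = 16  # CBC block size in bytes (e.g. AES)


def pad_tls(data: bytes) -> bytes:
    """TLS 1.0+ CBC padding: N+1 trailing bytes, every one equal to N."""
    n = BLOCK - (len(data) % BLOCK) - 1
    return data + bytes([n]) * (n + 1)


def pad_nonconforming(data: bytes) -> bytes:
    """SSLv3-style padding: N filler bytes of any value, then the length N.
    The filler is fixed here (constructed) so the result is deterministic."""
    n = BLOCK - (len(data) % BLOCK) - 1
    return data + bytes([n ^ 0xFF]) * n + bytes([n])


def unpad_lax(plain: bytes) -> bytes:
    """Checks only the final length byte: the not-strict-enough behaviour."""
    n = plain[-1]
    if n + 1 > len(plain):
        raise ValueError("padding longer than record")
    return plain[: -(n + 1)]


def unpad_strict(plain: bytes) -> bytes:
    """Checks every padding byte, as TLS requires. In CBC suites the MAC is
    computed before padding is added, so only this check validates it."""
    n = plain[-1]
    if n + 1 > len(plain):
        raise ValueError("padding longer than record")
    diff = 0
    for b in plain[-(n + 1):]:
        diff |= b ^ n  # accumulate instead of returning at the first mismatch
    if diff:
        raise ValueError("padding bytes do not match padding length")
    return plain[: -(n + 1)]


def accepts(unpad, plain: bytes) -> bool:
    """True if the given unpadding routine accepts the record plaintext."""
    try:
        unpad(plain)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    body = b"GET / HTTP/1.1\r\n"  # constructed sample, 16 bytes
    for name, rec in (("tls", pad_tls(body)), ("nonconforming", pad_nonconforming(body))):
        print(name, "lax:", accepts(unpad_lax, rec), "strict:", accepts(unpad_strict, rec))
```

A server whose record layer behaves like `unpad_lax` accepts both records, which is why telling the two behaviours apart remotely requires control over the padding bytes sent after the handshake.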
