How to prevent SSLv3/Poodle attack?

Sven Schwedas sven.schwedas at tao.at
Thu Oct 16 06:14:10 EDT 2014 

On 2014-10-15 18:20, Geoff Winkless wrote:
> Well the only thing new about POODLE versus previous known
> vulnerabilities is the way to manipulate the known vulnerability to gain
> the session cookie, which you can then re-use to log on to the site for
> yourself without needing to authenticate.

I think the more important new concept is that arbitrary sessions can be
downgraded to use a known vulnerable cipher/protocol version, even if
more secure are available and servers/clients use cipher suite pinning
and all the other tricks we came up with to mitigate BEAST et. al.

This makes the current "add new protocols for secure clients, but keep
backwards compatibility anyway" approach for handling SSL much more
dangerous.

> There's no such thing as a session cookie in IMAP, so I'd be very
> surprised to see it usable. That doesn't mean that IMAP/SSL3 is secure,
> it just means it's no less secure today than it was 10 years ago.

The current exploit is quite HTTP(S) specific and I can't think of a way
to apply it to IMAP, but it's probably not the last SSL3 problem.

> https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html is
> really good description, read especially the bit above "The workaround".
> 
> Hope this helps
> 
> Geoff
> 
> On 15 October 2014 17:03, <lst_hoe02 at kwsoft.de
> <mailto:lst_hoe02 at kwsoft.de>> wrote:
> 
> 
>     Zitat von Geoff Winkless <cyrus at geoff.dj <mailto:cyrus at geoff.dj>>:
> 
> 
>         Genuine question: is it shown that POODLE impacts on IMAPS?
> 
>         I don't see how POODLE could affect an IMAPS session, since it
>         only works
>         if you can MITM a non-SSL session on the user's browser and
>         force it to
>         request the same target page over and over.
> 
>         Cheers
> 
>         Geoff
> 
> 
>     As said i'm still reading on the details, so thanks for the pointer.
>     Nonetheless it might be time to give up on SSLv3 because of protocol
>     design errors/weakness. Unfortunately it looks like Cyrus can not
>     disable SSLv3 protocol without disabling ciphers also used in
>     TLSv1.x, no?
> 
>     Regards
> 
>     Andreas
> 
> 
> 
>     ----
>     Cyrus Home Page: http://www.cyrusimap.org/
>     List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>     To Unsubscribe:
>     https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 
> 
> 
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20141016/ad5b7770/attachment.bin

More information about the Info-cyrus mailing list