Zombie POODLE wanders in, cocks leg on TLS

Google might have taken POODLE to a distant country road, let it out and driven away fast, but according to Qualys, the vulnerability has returned, repurposed, as an attack on Transaction Layer Security (TLS).

Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling of padding. Qualys reckons the new attack, which works on TLS 1.2, is possible because while TLS has much stricter padding requirements than SSL 3 (which was the target for POODLE), “some TLS implementations omit to check the padding structure after decryption”.

Not only that, but because the client is allowed to use TLS, there's no need for an attacker to try and force the target to fall back to SSL 3 (which, by the way, you should have eliminated entirely and forever from your network by now).

As Google's Adam Langley explains in outlining the issue (here or, because that site seems to have been Slashdotted at the time of writing, here), TLS padding “is a subset of SSL v3's padding, so technically, you could use an SSL v3 decoding function with TLS and it would still work fine … the POODLE attack would work, even against TLS connections”.

Langley writes, and F5 Networks agrees, that F5 kit is vulnerable to the attack (advisory https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html with suggested mitigations), and he reckons A10 customers should also be watching out for patches.

“Everything less than TLS 1.2 with an AEAD cipher suite is broken”, Langley notes. ®