LLMpedia: The first transparent, open encyclopedia generated by LLMs

POODLE

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: POODLE
Discovered: October 2014
Discoverers: Bodo Möller, Thai Duong, Krzysztof Kotowicz
Affected: SSL 3.0
CVE: CVE-2014-3566

The Padding Oracle On Downgraded Legacy Encryption (POODLE) is a significant cryptographic vulnerability that targeted the Secure Sockets Layer protocol. Discovered in late 2014 by a team from Google, the flaw exploited the obsolete SSL 3.0 to decrypt secure communications. This attack underscored critical weaknesses in backward compatibility and prompted a widespread industry shift towards more secure protocols.

Overview

The POODLE attack specifically targeted the CBC mode of operation within the aging SSL 3.0 specification. By exploiting the protocol's support for non-deterministic padding, an attacker conducting a man-in-the-middle attack could gradually decrypt encrypted information. This vulnerability was particularly dangerous because it could be triggered by forcing a protocol downgrade from modern Transport Layer Security to the older, vulnerable SSL 3.0. Major technology firms, including Mozilla and Microsoft, quickly acknowledged the severity of the flaw. The attack demonstrated that maintaining support for deprecated cryptographic standards could compromise the security of entire systems.

Technical details

The attack leveraged the fact that SSL 3.0 does not verify the contents of the padding bytes in its CBC mode cipher suites. An attacker intercepting traffic between a client, such as a web browser, and a server could record encrypted messages. By inducing the client to resend requests and carefully modifying the ciphertext, the attacker could use the server's error responses as a padding oracle. This allowed the systematic decryption of one byte of a secret, such as an HTTP cookie, per successful attempt. The process required a significant number of intercepted sessions but was entirely feasible against servers supporting SSL 3.0. The core weakness was intrinsic to the protocol's design, not a specific implementation error in software from vendors such as OpenSSL or NSS.
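As an added illustration that is not part of this article, the following Python model contrasts the SSL 3.0 record padding check with the TLS 1.0+ check. The block size, MAC key, sample request and the use of HMAC-SHA1 in place of the SSL 3.0 MAC are assumptions made for the example; the property that matters is that neither MAC covers the padding, so only the receiver's padding check can notice a changed padding byte.

```python
import hashlib
import hmac
import os

BLOCK = 16                       # cipher block size; AES-CBC assumed here
KEY = b"constructed-mac-key"     # constructed sample key, not a real secret
TAG = 20                         # SHA-1 tag length
# Constructed sample record: a request carrying a cookie, sized so pad_len == 2.
SAMPLE = b"GET / HTTP/1.1\r\nCookie: sid=constructed\r\n"

def mac(data: bytes) -> bytes:
    # HMAC-SHA1 stands in for the SSL 3.0 MAC; both cover the data, never the padding.
    return hmac.new(KEY, data, hashlib.sha1).digest()

def ssl3_encode(data: bytes) -> bytes:
    # SSL 3.0: padding bytes carry arbitrary values; only the final length byte is defined.
    body = data + mac(data)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    return body + os.urandom(pad_len) + bytes([pad_len])

def tls_encode(data: bytes) -> bytes:
    # TLS 1.0+: every padding byte must equal the padding length.
    body = data + mac(data)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

def _strip_mac(body: bytes):
    data, tag = body[:-TAG], body[-TAG:]
    return data if hmac.compare_digest(tag, mac(data)) else None

def ssl3_decode(rec: bytes):
    pad_len = rec[-1]
    if pad_len >= BLOCK or len(rec) < pad_len + 1 + TAG:
        return None
    return _strip_mac(rec[:len(rec) - pad_len - 1])    # padding bytes never inspected

def tls_decode(rec: bytes):
    pad_len = rec[-1]
    if len(rec) < pad_len + 1 + TAG:
        return None
    if any(b != pad_len for b in rec[-(pad_len + 1):]):
        return None                                     # bad_record_mac in TLS
    return _strip_mac(rec[:len(rec) - pad_len - 1])

def survives_padding_tamper(encode, decode) -> bool:
    """Flip one padding byte (not the length byte) and report whether the
    receiver still accepts the record."""
    rec = bytearray(encode(SAMPLE))
    rec[-2] ^= 0xFF
    return decode(bytes(rec)) is not None
```

Run against the sample, the SSL 3.0 receiver accepts the altered record while the TLS receiver rejects it, which is the verification gap the oracle rests on.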

Impact and mitigation

The impact of POODLE was widespread, as support for SSL 3.0 remained common for compatibility with legacy systems like Internet Explorer 6. Financial institutions, e-commerce platforms, and major web services were all potentially vulnerable to session hijacking. The primary and most effective mitigation was the complete disabling of SSL 3.0 on both servers and clients. Administrators were urged to transition exclusively to TLS 1.2 or later. Client-side, browsers such as Google Chrome and Mozilla Firefox implemented automatic fallback restrictions. Furthermore, the development of the TLS_FALLBACK_SCSV extension provided a mechanism to prevent protocol downgrade attacks. These collective actions were championed by organizations like the Internet Engineering Task Force and led to the formal deprecation of SSL 3.0 by standards bodies.
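As an added illustration that is not part of this article, the following Python model shows the server-side TLS_FALLBACK_SCSV check from RFC 7507 together with the browser retry behaviour it protects. The servers, the network predicate standing in for an interfering middlebox, and the cipher-suite list are constructed for the example.

```python
from dataclasses import dataclass

# Protocol versions as (major, minor) pairs, which compare in the right order.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
INAPPROPRIATE_FALLBACK = 86         # alert description, RFC 7507
PROTOCOL_VERSION = 70               # standard TLS alert for an unsupported version

@dataclass
class ClientHello:
    client_version: tuple           # highest version this particular attempt offers
    cipher_suites: list

@dataclass
class Server:
    enabled_versions: set

    def negotiate(self, hello: ClientHello):
        """Server-side version selection with the RFC 7507 check in front."""
        highest = max(self.enabled_versions)
        if TLS_FALLBACK_SCSV in hello.cipher_suites and hello.client_version < highest:
            # The client is retrying below what it supports, yet this server speaks
            # something newer: the earlier attempt was interfered with, so refuse.
            return ("alert", INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.enabled_versions if v <= hello.client_version]
        return ("version", max(usable)) if usable else ("alert", PROTOCOL_VERSION)

def fallback_dance(server: Server, reaches_server, use_scsv: bool):
    """Model of a 2014 browser's retry behaviour: start at TLS 1.2 and step down
    on connection failure. reaches_server(hello) -> bool stands for the network."""
    for version in (TLS12, TLS11, TLS10, SSL3):
        suites = [TLS_RSA_WITH_AES_128_CBC_SHA]
        if use_scsv and version != TLS12:
            suites.append(TLS_FALLBACK_SCSV)   # mark this as a fallback attempt
        hello = ClientHello(version, suites)
        if not reaches_server(hello):
            continue
        return server.negotiate(hello)
    return ("alert", PROTOCOL_VERSION)

# Constructed scenarios used by the checks.
LEGACY_SERVER = Server({SSL3, TLS10, TLS11, TLS12})
HARDENED_SERVER = Server({TLS12})             # SSL 3.0 removed entirely

def clean_network(hello: ClientHello) -> bool:
    return True

def only_ssl3_gets_through(hello: ClientHello) -> bool:
    return hello.client_version == SSL3       # newer handshakes never arrive
```

The model also shows why disabling SSL 3.0 remains the primary fix: a genuinely old client that never sends the SCSV is still served SSL 3.0 by the legacy server, and only the hardened server turns it away.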

History and discovery

The vulnerability was discovered and publicly disclosed in October 2014 by security researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz of Google. The disclosure followed a coordinated responsible disclosure process with key industry stakeholders. Its discovery came shortly after other major TLS vulnerabilities, namely the Heartbleed bug and the BREACH attack, creating a period of intense scrutiny on Internet security. The name POODLE was chosen as a continuation of animal-themed vulnerability names following Heartbleed and reflected the attack's nature as a padding oracle attack. The publication of the research paper detailing POODLE accelerated the global information technology community's abandonment of legacy encryption protocols.

Several related attacks emerged following the original POODLE disclosure. The most notable is **POODLE TLS**, sometimes called "POODLE 2.0", which applied a similar principle to certain implementations of the TLS protocol that incorrectly handled CBC mode padding. Another significant variant was the **Downgrade Dance Attack**, which explored other vectors for forcing protocol downgrades. These developments are part of a broader class of cryptographic attacks that include the Lucky Thirteen attack and the BEAST attack, which also targeted CBC mode in SSL/TLS. The continued research in this area, including work presented at conferences like Black Hat and USENIX Security Symposium, has driven the adoption of more secure modes like AEAD constructions in TLS 1.3.

Categories: Cryptographic attacks, Computer security exploits, Internet security