Linux CentOS Security
Poodle Virus – What & How To Secure Server from it
November 20, 2014

What's That:

A newly discovered vulnerability in an old version of the SSL protocol represents a threat to a high number of Web servers because they contain legacy support for the outdated technology. The SSL Man In The Middle Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.

SSL and TLS are both secure protocols for Internet communication and work by encrypting traffic between two computers. Most TLS clients will downgrade the protocol they use to SSL 3.0 if they have to work with legacy servers. The vulnerability lies in the fact that an attacker can potentially interfere with the handshake process which verifies which protocol the server can use and force it to use SSL 3.0 even if a newer protocol is supported.

The vulnerability was disclosed by Google, which said that a successful exploit could allow an attacker to carry out a man-in-the-middle (MITM) attack to decrypt secure HTTP cookies, which could let them steal information or take control of the victim’s online accounts. The attack can be executed both on the server side and client side.

The type of attack facilitated by this vulnerability is in some respects similar in nature to exploitation of the Heartbleed vulnerability, which affected OpenSSL, one of the most commonly used implementations of the SSL and TLS cryptographic protocols. It too provided a way for attackers to extract data from supposedly secure connections.

However, unlike Heartbleed, the attacker needs to have access to the network between the client and server to interfere with the handshake process. One potential avenue of attack could be through a public Wi-Fi hotspot. Because the attacker needs to have access to the network, this issue is not as severe as Heartbleed.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but might cause compatibility problems. Due to this, Google’s recommendation is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0.

How To Check If Your Site's SSL Is POODLE Affected:

http://poodlebleed.com/
Go to the bottom of the page, enter your domain name in the domain text box, and click the Go button. It will tell you whether your site is affected by POODLE.

How To FIX:

Apache on cPanel/WHM

cPanel/WHM does not allow you to edit the Apache configuration files, and will overwrite most changes that are made to them. However, cPanel/WHM does give the option of configuring SSL cipher suites for Apache within the control panel.

In order to change the Apache cipher suites, follow these steps:

  1. In WHM, type apache into the left-hand sidebar’s search field. You will see Apache Configuration in the menu list. After clicking Apache Configuration, navigate to Global Configuration. It is the first option on the page in cPanel 11.44+.
  2. The first option is SSL Cipher Suite, and you will need to modify the current SSL Cipher Suite to include -SSLv3. An example of this is shown below.
     ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP:!kEDH
  3. After saving the page, you will be asked to rebuild and restart Apache. Your changes should take effect after Apache has been rebuilt and restarted.
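
To confirm the change after Apache has restarted, you can offer the server an SSL 3.0-only handshake and see whether it answers with a ServerHello or an alert. The following is an added example, not part of the original post: the function names and result labels are its own, and it is meant to be pointed at a server you administer.

```python
import os
import socket
import struct

# CBC-mode suites defined for SSL 3.0 (the combination POODLE applies to):
# RSA_WITH_AES_128_CBC_SHA, RSA_WITH_AES_256_CBC_SHA, RSA_WITH_3DES_EDE_CBC_SHA
CBC_SUITES = (0x002F, 0x0035, 0x000A)
SSL3 = b"\x03\x00"  # protocol version 3.0 on the wire

def build_ssl3_client_hello():
    """Return one SSL 3.0 record holding a ClientHello that offers only SSL 3.0."""
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (SSL3 + os.urandom(32)                 # client_version + random
            + b"\x00"                             # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                        # one compression method: null
    # Handshake header: type 1 (ClientHello) + 24-bit length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake) + version + 16-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first bytes of the server's reply to the hello above."""
    if len(data) < 5:
        return "no-reply"          # closed without answering: SSL 3.0 refused
    if data[0] == 0x15:
        return "rejected"          # alert record (e.g. handshake_failure)
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: server_version follows the 4-byte handshake header
        return "ssl3-accepted" if data[9:11] == SSL3 else "other-version"
    return "unknown"

def check_host(host, port=443, timeout=5.0):
    """Probe one server; returns one of the labels used above."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(build_ssl3_client_hello())
            return classify_response(s.recv(64))
        except (socket.timeout, ConnectionResetError):
            return "no-reply"

if __name__ == "__main__":
    # "www.example.com" is a placeholder; substitute your own host name.
    print(check_host("www.example.com"))
```

A result of `ssl3-accepted` means the server still negotiates SSL 3.0 with a CBC suite and the cipher suite change has not taken effect.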

About author

ZERIN

CEO & Founder (BdBooking.com - Online Hotel Booking System), CEO & Founder (TaskGum.com - Task Managment Software), CEO & Founder (InnKeyPro.com - Hotel ERP), Software Engineer & Solution Architect