SSL Attack BREACH and POODLE
Overview of the Vulnerability
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) and Padding Oracle On Downgraded Legacy Encryption (POODLE) are vulnerabilities in SSL and TLS that allow a malicious attacker to inject plaintext into a victim's request or force an SSL downgrade in order to decrypt encrypted data over thousands of requests. This application is vulnerable to a BREACH/POODLE attack as it supports outdated versions of SSL or TLS.
Business Impact
SSL attacks can lead to reputational damage for the business due to a loss in confidence and trust by users who identify outdated versions of SSL or TLS.
Steps to Reproduce
Run a tool such as SSLScan, testssl.sh, or SSLyze to scan the SSL/TLS configuration
Observe the results showing the weak SSL/TLS versions:
{{value}}
Proof of Concept (PoC)
The screenshot below demonstrates the use of a cipher suite susceptible to a BREACH or POODLE attack:
{{screenshot}}
Recommendation(s)
It is recommended that only strong protocols, such as TLS 1.3, and strong cipher suites are supported. The implementation of TLS should be thoroughly tested once it is set up to ensure a secure connection between client and server.
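One way to test the configuration after hardening, as an added example that is not part of the original template: a Python standard-library check that offers the server one protocol version at a time and reports any legacy version it still accepts. The function names are hypothetical, and the target host is whatever server you administer.

```python
import socket
import ssl

# Versions to probe. SSLv3 is omitted: most OpenSSL builds no longer compile
# it in, so Python cannot offer it. Confirm SSLv3 with a dedicated scanner.
PROBED = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
          ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
LEGACY = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}

def pinned_client_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only protocol support is measured here,
    ctx.verify_mode = ssl.CERT_NONE   # so certificate validation is skipped
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port=443, timeout=5.0):
    """Return {version_name: accepted} for each probed version.

    False for a legacy version can also mean the local OpenSSL policy refuses
    to offer it, so treat False as "not observed", not as proof.
    """
    results = {}
    for version in PROBED:
        try:
            ctx = pinned_client_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    results[version.name] = True
        except (ValueError, OSError):  # ssl.SSLError is a subclass of OSError
            results[version.name] = False
    return results

def legacy_accepted(results):
    """Names of legacy versions the server accepted, in probe order."""
    return [v.name for v in PROBED if v in LEGACY and results.get(v.name)]

def tls13_only_server_context():
    """Server-side context matching the recommendation: TLS 1.3 only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        found = probe(sys.argv[1])
        print(found, "legacy accepted:", legacy_accepted(found))
```

An empty list from legacy_accepted() together with True for TLSv1_3 is the result the recommendation aims for.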
For more information, please see: