On Tuesday, October 14, 2014, Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3.

The vulnerability allows an active MITM attacker to decrypt content transferred over an SSLv3 connection.

While secure connections primarily use TLS (the successor to SSL), most users were still vulnerable because web browsers and servers fall back to SSLv3 when there are problems negotiating a TLS session.

An attacker can’t see the plaintext of the encrypted web content.

They only see the CBC-encrypted ciphertext blocks. But what happens if the attacker duplicates the block containing the cookie data and overwrites the last block with it?

When the receiver decrypts the last block it XORs in the contents of the previous ciphertext (which the attacker knows) and checks the authenticity of the data.

Critically, since SSLv3 doesn’t specify the contents of the padding bytes (only the final padding-length byte), the receiver cannot check them. Thus the record will be accepted if, and only if, the last byte ends up as a seven.
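The mechanics above, as an added example (not the post's code and not POODLE Scan): an SSLv3-style CBC record laid out as data || MAC || padding, a receiver that checks only the padding-length byte beside one that checks every padding byte the way TLS 1.0+ does, and the block duplication the post describes. The block cipher, keys, IV and request bytes are constructed stand-ins.

```python
import hmac, hashlib, random
BLOCK, MAC_LEN = 8, 16        # 8-byte blocks as in the post; truncated HMAC stands in for SSLv3's MAC
MAC_KEY, IV = b"toy-mac-key", bytes(range(BLOCK))                   # constructed values
SBOX = list(range(256)); random.Random(b"toy-key").shuffle(SBOX)   # toy S-box: NOT a real cipher
INV = [SBOX.index(i) for i in range(256)]

def enc_block(blk):           # toy invertible block cipher: substitute each byte, rotate left by one
    out = bytes(SBOX[b] for b in blk)
    return out[1:] + out[:1]
def dec_block(blk):
    blk = blk[-1:] + blk[:-1]
    return bytes(INV[b] for b in blk)
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def mac(data):
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:MAC_LEN]

def cbc_encrypt(plain):
    out, prev = b"", IV
    for i in range(0, len(plain), BLOCK):
        prev = enc_block(xor(plain[i:i + BLOCK], prev))
        out += prev
    return out
def cbc_decrypt(ct):          # P[i] = D(C[i]) XOR C[i-1]: only the previous ciphertext block feeds in
    out, prev = b"", IV
    for i in range(0, len(ct), BLOCK):
        out += xor(dec_block(ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def seal(data):               # SSLv3 layout: data || MAC || padding, last byte = number of filler bytes
    body = data + mac(data)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    return cbc_encrypt(body + bytes([pad_len]) * (pad_len + 1))
def receiver_accepts(ct, strict_padding):
    plain = cbc_decrypt(ct)
    pad_len = plain[-1]
    if pad_len >= BLOCK: return False
    if strict_padding and any(b != pad_len for b in plain[-(pad_len + 1):]):
        return False          # TLS 1.0+ checks every padding byte; SSLv3 leaves their contents unspecified
    body = plain[:len(plain) - pad_len - 1]
    return hmac.compare_digest(body[-MAC_LEN:], mac(body[:-MAC_LEN]))

def demo():
    data = b"GET / HTTP/1.1\r\nCookie: session=ABCDEFGH"  # constructed; the cookie value is plaintext block 4
    ct = seal(data)                                       # 8 blocks; block 7 is an all-padding block
    C = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    tampered = ct[:-BLOCK] + C[4]                         # the post's move: cookie block copied over the last block
    last = cbc_decrypt(tampered)[-BLOCK:]                 # = D(C[4]) XOR C[6] = P[4] XOR C[3] XOR C[6]
    return {"intact": (receiver_accepts(ct, False), receiver_accepts(ct, True)),
            "last_block": last, "predicted": xor(xor(data[32:40], C[3]), C[6]),
            "tampered": (receiver_accepts(tampered, False), receiver_accepts(tampered, True))}
```

The SSLv3-style receiver accepts the tampered record exactly when the last decrypted byte is 7, while the TLS-style check rejects it unless the whole block happens to decrypt to padding.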

POODLE Scan is a simple tool I wrote that can help detect if a server is vulnerable to the POODLE SSL vulnerability.