Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All presented at BlackHatAsia2019 2019

by Craig Young,

Summary : HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specification has a long list of workarounds, countermeasures and caveats, which must be carefully followed to prevent attack. This is evident from the fact that PKCS #1 v1.5 padding, RC4 encryption, and CBC mode ciphers can all be used in TLSv1.2.This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE. The GOLDENDOODLE attack also demonstrates that a Cisco ASA CVE previously not known to affect confidentiality can, in fact, reveal sensitive data, such as session cookies to a network-based attacker.