CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Vulnerability in SSLv3 Could Allow Information Disclosure
A vulnerability exists within the SSL version 3.0 protocol allowing an attacker to hijack and decrypt session cookies that are utilized between a user's web browser and the web site. Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide secure network communication using X.509 certificates. This could lead to attackers temporarily impersonating web site visitor account logins and/or online payment systems.
There are currently no reports of this vulnerability being exploited in the wild.
- Any client or Web Server supporting SSLv3 protocol
- Large and medium government entities: Moderate
- Small government entities: Moderate
- Large and medium business entities: Moderate
- Small business entities: Moderate
- Home users: Low
A vulnerability exists within the SSL version 3.0 protocol due to improper cipher-block chaining (CBC) mode decryption used within the block ciphers, allowing an attacker to hijack and decrypt session cookies that are utilized between a user's web browser and the web site. This could lead to attackers obtaining enough information to temporarily impersonate web site visitor account logins and/or online payment systems. Please note that the website and the end-user's system must support SSLv3, and the attacker must be able to intercept and modify the network traffic in order to successfully perform the Man-in-the-Middle (MITM) attack to exploit this vulnerability.
Successful MITM attacks could lead to the attacker having temporary control over the attacked user's web session through session hijacking.
We recommend the following actions be taken:
- Disable SSLv3 support both server side and within the client browser settings.
- Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.
- Update all plugins used by the webserver and disable/remove all unused plugins.
- Ensure that systems are hardened with industry-accepted guidelines.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
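As an added example (not part of the advisory), the following Python audit helper checks whether an Apache mod_ssl or nginx configuration still leaves SSLv3 negotiable, supporting the "disable SSLv3 server side" recommendation above. The sample configuration fragments are constructed; the expansion of Apache's `all` keyword and the era-specific defaults used when the directive is absent are assumptions stated in the comments.

```python
import re

# Assumption: in Apache mod_ssl builds of the SSLv3 era (OpenSSL 1.0.1+ with
# SSLv3 compiled in), the keyword "all" expands to SSLv3 plus every TLS
# version, so "SSLProtocol all -SSLv2" still permits SSLv3.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}


def apache_sslv3_enabled(config: str) -> bool:
    """Return True if an Apache config leaves SSLv3 negotiable.

    The last SSLProtocol directive in scope wins. Tokens: "all" expands to
    APACHE_ALL, "-NAME" removes a protocol, "+NAME" or "NAME" adds one.
    Assumption: with no directive present, the default behaves like "all".
    """
    enabled = set(APACHE_ALL)
    for match in re.finditer(r"^\s*SSLProtocol\s+(.+?)\s*$", config, re.I | re.M):
        enabled = set()  # a new directive replaces the previous one
        for tok in match.group(1).lower().split():
            if tok == "all":
                enabled |= APACHE_ALL
            elif tok.startswith("-"):
                enabled.discard(tok[1:])
            else:
                enabled.add(tok.lstrip("+"))
    return "sslv3" in enabled


def nginx_sslv3_enabled(config: str) -> bool:
    """Return True if an nginx config leaves SSLv3 negotiable.

    ssl_protocols is an explicit list; only the last occurrence matters.
    Assumption: nginx builds of that era defaulted to
    "SSLv3 TLSv1 TLSv1.1 TLSv1.2" when the directive is absent.
    """
    matches = re.findall(r"^\s*ssl_protocols\s+([^;]+);", config, re.I | re.M)
    if not matches:
        return True
    return "sslv3" in matches[-1].lower().split()


if __name__ == "__main__":
    # Constructed fragments: the weak setting beside its corrected form.
    weak_apache = "SSLEngine on\nSSLProtocol all -SSLv2\n"
    fixed_apache = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n"
    weak_nginx = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n"
    fixed_nginx = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n"
    for name, verdict in [("weak apache", apache_sslv3_enabled(weak_apache)),
                          ("fixed apache", apache_sslv3_enabled(fixed_apache)),
                          ("weak nginx", nginx_sslv3_enabled(weak_nginx)),
                          ("fixed nginx", nginx_sslv3_enabled(fixed_nginx))]:
        print(f"{name}: SSLv3 {'ENABLED' if verdict else 'disabled'}")
```

Note that `SSLProtocol all -SSLv2` is the case most often missed: removing SSLv2 alone leaves SSLv3 on, so the audit flags it.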