The SSLv3 POODLE vulnerability, disclosed on October 14th 2014, is an attack on the SSL 3.0 protocol itself: it is entirely a protocol-level weakness rather than a bug in one implementation.
POODLE stands for "Padding Oracle On Downgraded Legacy Encryption". The padding in question is added when plaintext is converted to ciphertext: the message often has to be expanded to fit the block structure of the underlying cipher, and the data leakage occurs mainly during decryption of the ciphertext, when the server reveals whether that padding was accepted.
The SSLv3 poodle vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle attack.
Check if your WHM/cpanel server is SSLv3 Poodle vulnerable
Log in to your server via SSH as root and execute the command:
openssl s_client -connect <server>:<port> -ssl3
E.g.: openssl s_client -connect example.com:443 -ssl3 (where example.com is your domain name).
If the connection succeeds, SSLv3 is enabled.
If it fails, SSLv3 is disabled.
When it fails, you will get the handshake failure error shown below, which means your server is not exposed to this vulnerability:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
If SSLv3 is enabled on your server, you must disable SSLv3 support.
You can also run this short script to check whether your system is vulnerable to POODLE:
for port in 21 443 465 993 995 2083 2087 2078 2096; do echo "Scanning $port"; for cipher in $(openssl ciphers -sslv3 'ALL:eNULL' | sed -e 's/:/ /g'); do echo -n | openssl s_client -sslv3 -cipher "$cipher" -connect xx.yy.zz.aa:$port 2>&1 | grep -i "Cipher is"; done; done
where xx.yy.zz.aa is your server IP address.
If the script prints a line naming an actual cipher for a port, that port negotiated SSLv3 and your server is vulnerable (a line reading "Cipher is (NONE)" means that cipher was refused).
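Both checks above depend on the local OpenSSL being able to speak SSLv3, and builds without SSLv3 support (the default since OpenSSL 1.1.0) reject the -ssl3 option, so a failure there proves nothing about the server. The following added example, not part of the original article, performs the same check without OpenSSL: it sends a hand-built ClientHello with client_version 3.0 and reports SSLv3 as enabled only if the server answers with a 3.0 ServerHello. The cipher-suite codes are IANA-registered values; example.com is a placeholder, and the FTP port 21 is left out because it needs an AUTH TLS exchange before the handshake.

```python
import socket
import struct

# Cipher suite codes an SSL 3.0 client can offer (RSA key exchange, RC4/3DES/AES CBC).
SSLV3_SUITES = [0x0004, 0x0005, 0x000A, 0x002F, 0x0035]
# Implicit-TLS cPanel ports from the article; port 21 (FTP) needs AUTH TLS first.
CPANEL_TLS_PORTS = [443, 465, 993, 995, 2078, 2083, 2087, 2096]


def build_sslv3_client_hello(cipher_suites):
    """Return a ClientHello advertising client_version 3.0, wrapped in a TLS record."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x00"                               # client_version = SSL 3.0
        + b"\x00" * 32                            # client random (fixed: a probe, not a real session)
        + b"\x00"                                 # session_id length = 0
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                             # one compression method: null
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body    # type 1 = ClientHello, 24-bit length
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake  # content type 22 = handshake


def classify_response(data):
    """Map the first server record to 'sslv3_enabled', 'sslv3_disabled' or 'unknown'."""
    if not data:
        return "sslv3_disabled"           # connection closed without any ServerHello
    if data[0] == 0x15:                   # alert record (handshake_failure, protocol_version, ...)
        return "sslv3_disabled"
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: server_version follows the 4-byte handshake header
        return "sslv3_enabled" if data[9:11] == b"\x03\x00" else "unknown"
    return "unknown"


def probe_sslv3(host, port, timeout=5.0):
    """Send the SSLv3 ClientHello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv3_client_hello(SSLV3_SUITES))
            return classify_response(sock.recv(4096))
    except OSError:
        return "no_response"              # reset, refused or silent: re-check before concluding


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # placeholder hostname
    for port in CPANEL_TLS_PORTS:
        print(f"{host}:{port} -> {probe_sslv3(host, port)}")
```

Run it as `python3 poodle_check.py your.server.example`; a port reporting sslv3_enabled still accepts SSL 3.0 and should be fixed.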
Support for SSL 3.0 is present in most mail, FTP and web clients, which in turn leaves all of those clients exposed to an exploit. We therefore recommend disabling SSLv3 on all cPanel servers.
In cPanel/WHM, the services to secure are HTTP, POP3, IMAP, FTP, SMTP, the control panel and Web Disk.
Need expert assistance?
SupportPRO has a team of well-experienced professionals. We can assist you in patching and fixing the mentioned vulnerabilities if found in your server. Feel free to contact us if you need assistance.
If you require help, contact SupportPRO Server Admin