Home General Topics SSLv3 POODLE vulnerability on your server and the fixes
General TopicsMiscellaneousServer Security

SSLv3 POODLE vulnerability on your server and the fixes

by Bella
written by Bella

The SSLv3 Poodle vulnerability which was released on October 14th 2014, is an attack on the SSL 3.0 protocol and it is completely protocol based vulnerability.

POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. The padding attack happens when a plain text is converted to ciphertext. The plain text message often has to be expanded to be compatible with the underlying cryptographic structure and the leakage of data mainly occur during the decryption of the cipher text.

The SSLv3 poodle vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle attack.

p1

Check if your WHM/cpanel server is SSLv3 Poodle vulnerable

Login to your server via ssh as root and execute the command

openssl s_client -connect <server>:<port> -ssl3

Eg : openssl s_client -connect example.com:443 -ssl3 (where example.com is your domain name.)

If the connection succeeds, sslv3 is enabled.

If it fails, SSLv3 is disabled.

When it fails, you will get the below error handshake failure as given below and it states that your server is secure from this vulnerability.

======

error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

======

If SSLv3 is enabled in your server, it is required to disable SSLv3 support.

Also, you can execute this short script to check if your system is vulnerable to poodle

======

for port in 21 443 465 993 995 2083 2087 2078 2096; do echo “Scanning $port”; for cipher in $(openssl ciphers -sslv3 ‘ALL:eNULL’ | sed -e ‘s/:/ /g’); do echo -n | openssl s_client -sslv3 -cipher “$cipher” -connect xx.yy.zz.aa:$port 2>&1 | grep -i “Cipher is”; done; done

======

where xx.yy.zz.aa is your server IP address.

If the result of this script shows some cipher output, then your server is found to be vulnerable.

Support for SSL 3.0 is available in most of the mail, ftp and web clients and this, in turn, makes all your clients vulnerable to an exploit. So we recommend to disable SSlv3 in all cPanel servers.

In cPanel/WHM, these are the services HTTP, POP3, IMAP, FTP, SMTP, Control Panel, Web Disk to be secured.

Need expert assistance?

SupportPRO has a team of well-experienced professionals. We can assist you in patching and fixing the mentioned vulnerabilities if found in your server. Feel free to contact us if you need assistance.

If you require help, contact SupportPRO Server Admin

Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value

Configure Lifecycle Rules in Google Cloud Storage Buckets

Data recovery using Scalpel and Foremost

What Is a Fork Bomb and How Can...

Access WHM/cPanel Without Root Password

TightVNC Viewer for Windows

Multiple SSL Certificates on a Single IP Using...

MariaDB vs PostgreSQL vs MongoDB : Comparison

Ansible Semaphore – A brief Introduction

AWS Organizations – Benefits and Use Cases

Docker Compose – Guide

Leave a Comment

CONTACT US

Sales and Support

Phone: 1-(847) 607-6123
Fax: 1-(847)-620-0626
Sales: sales@supportpro.com
Support: clients@supportpro.com
Skype ID: sales_supportpro

Postal Address

1020 Milwaukee Ave, #245,
Deerfield, IL-60015
USA

©2022  SupportPRO.com. All Rights Reserved

Twitter Facebook Linkedin Rss