Craig Young has named two new defects Zombie POODLE and GOLDENDOODLE (CVE). With Zombie POODLE, he can recover POODLE attacks in Citrix load balancers and fine-tune POODLE attacks on systems that have not completely eradicated obsolete encryption methods. At the same time, GOLDENDOODLE is a similar attack, but has more powerful, faster encryption hacking capabilities. Young warns that even if the vendor completely eliminates the original POODLE flaw, it may still be vulnerable to GOLDENDOODLE attacks.
Conditions for this attack:
The CBC cryptographic suite is used in the HTTPS server;
2, under attack on client and under attack[计] serveCreate a middleman channel between MITM, such as the establishment of malicious WiFi hot spots, or hijacking routers and other intermediate network equipment;
4. The malicious script constructs the specific HTTPS request encryption website, and combines the middleman bypass to listen to the encrypted data. After many requests, the Cookie and the credentials in the encrypted data can be obtained.
How to prevent and deal with it?
2, check the server, avoid the use of RC4 and CBC and other insecure cryptographic suites, through MySSL.com detection, find that the support encryption suite to avoid the emergence of weak passwords and the password suite containing CBC;
3. Systems involving confidential or critical business data are strengthened to monitor and inspect anomalies and to maintain compliance with HTTPS best safety practices.Reference:https://www.darkreading.com/vulnerabilities---threats/new-zombie-poodle-attack-bred-from-tls-flaw/d/d-id/1333815