File ssl-poodle

Script types: portrule

Categories: vuln, safe

Download: https://svn.nmap.org/nmap/scripts/ssl-poodle.nse

User Summary

Checks whether SSLv3 CBC ciphers are allowed (POODLE)

Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL.

POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are vulnerable. For speed of detection, this script will stop after the first CBC ciphersuite is discovered. If you want to enumerate all CBC ciphersuites, you can use Nmap's own ssl-enum-ciphers to do a full audit of your TLS ciphersuites.

Script Arguments

tls.servername

See the documentation for the tls library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

See the documentation for the mssql library.

smtp.domain

See the documentation for the smtp library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -sV --version-light --script ssl-poodle -p 443 <host>

Script Output

PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
|           other products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|     References:
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://www.securityfocus.com/bid/70574
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|_      https://www.openssl.org/~bodo/ssl-poodle.pdf
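An added example, not part of the ssl-poodle script or Nmap's own documentation: a small Python parser for triaging this script's normal-format output across many hosts, returning each port reported as VULNERABLE together with the CBC ciphersuite listed under "Check results". The function name parse_poodle and the sample scan text (including the NOT VULNERABLE block, as it would appear with vulns.showall) are constructed for illustration.

```python
import re
# Constructed Nmap normal-output sample (documentation addresses, not a real scan).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|     Check results:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|     References:
|_      https://www.openssl.org/~bodo/ssl-poodle.pdf
Nmap scan report for 192.0.2.11
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-poodle:
|   NOT VULNERABLE:
|   SSL POODLE information leak
|     State: NOT VULNERABLE
|_    IDs:  CVE:CVE-2014-3566  BID:70574
"""

def parse_poodle(text):
    """Return (host, port, suites) for each port ssl-poodle marked VULNERABLE."""
    findings, host, port, cur = [], None, None, None
    in_poodle = in_results = False
    for line in text.splitlines():
        if m := re.match(r"Nmap scan report for (.+)", line):
            host = m.group(1)
        elif m := re.match(r"(\d+/(?:tcp|udp))\s+open\b", line):
            port = m.group(1)
        elif line.startswith("|"):
            body = line[2:]                      # drop the "| " or "|_" prefix
            if body and not body[0].isspace():   # script header, e.g. "ssl-poodle:"
                in_poodle, in_results, cur = body.startswith("ssl-poodle:"), False, None
            elif in_poodle:
                item = body.strip()
                # "State: NOT VULNERABLE" does not match this prefix.
                if item.startswith("State: VULNERABLE"):
                    cur = (host, port, [])
                    findings.append(cur)
                elif item.endswith(":"):         # sub-section heading
                    in_results = item == "Check results:"
                elif in_results and cur and item:
                    cur[2].append(item)
    return findings
```

Because the script stops at the first CBC ciphersuite it finds, the returned list holds one suite per port; it is evidence that SSLv3 with CBC is accepted, not a full inventory.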

Requires

Author:

Daniel Miller

License: Same as Nmap--See https://nmap.org/book/man-legal.html