A vulnerability exists within the SSL version 3.0 protocol which allows an attacker to hijack and decrypt session cookies that are utilized between a user’s web browser and a web site. Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide secure network communication using X.509 certificates. This could lead to attackers temporarily impersonating web site visitor account logins and/or online payment systems and capturing user account and credit card information.
- Any client or Web Server supporting SSLv3 protocol
A vulnerability exists within the SSL version 3.0 protocol due to improper cipher-block chaining (CBC) mode decryption used within the block ciphers allowing an attacker to hijack and decrypt session cookies that are utilized between a user’s web browser and the web site. This could lead to attackers obtaining enough information to temporarily impersonate web site visitor account logins and/or online payment systems and capturing user account and credit card information. Please note that the website and the end-user’s system must support SSLv3, and the attacker must be able to intercept and modify the network traffic to successfully perform the Man-in-the-Middle (MITM) attack to exploit this vulnerability.
Successful MITM attacks could lead to the attacker having temporary control over the attacked user’s web session through session hijacking.
We recommend the following actions be taken:
- Disable SSL3 support both server side and in the client browser settings
- Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.
- Update all plugins used by the webserver and disable/remove all unused plugins.
- Ensure that systems are hardened with industry-accepted guidelines.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack