SSLv3 Poodle Vulnerability On WhatsApp.com & Blog.WhatsApp.com
What is the POODLE attack?
Padding Oracle On Downgraded Legacy Encryption (POODLE) is an issue that affects SSL 3.0. If an adversary can modify network transmissions between the client and the server they can downgrade the SSL connection to SSL 3.0 and tamper with/decrypt data in transmission.The actual problem stems from the fact that the block cipher padding in CBC encryption in SSL 3.0 is not fully verified during the decryption process.
Is WhatsApp.com & Blog.WhatsApp.com vulnerable to POODLE?
root@pasuruanblackhat:/home/shan# openssl s_client -connect blog.whatsapp.com:443 -ssl3
Output :
CONNECTED(00000003)depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CAverify return:1depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CAverify return:1depth=0 C = US, ST = California, L = Santa Clara, O = "WhatsApp, Inc.", CN = *.whatsapp.comverify return:1---Certificate chain0 s:/C=US/ST=California/L=Santa Clara/O=WhatsApp, Inc./CN=*.whatsapp.comi:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CAi:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA---Server certificate-----BEGIN CERTIFICATE-----MIIFJjCCBA6gAwIBAgIQBVDDa7GxLjszOo2izKc2FjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTYwNjE2MDAwMDAwWhcNMTkwOTA5MTIwMDAwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExFzAVBgNVBAoTDldoYXRzQXBwLCBJbmMuMRcwFQYDVQQDDA4qLndoYXRzYXBwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNq/Wj47PE6K20BfJL3mDf2/DoZkUoZqH+Fp2tGsuGjZvZjT+eQg88AAKd6aEg4BArnw9WW9CqVIbUE5MMjzVaBks00DzJnfmTZQVIILkMtKtPClXr2IDYQ+jbyGC7l8WpAea44XRokjmShhaLE392Jm6kC6cykXEq8olqJxXRtFOV+cbiX+dDRBvDMpMtm1aiM4SUnSz+A2xwUyuy4NYn25i424zuanAOUGOLpHWZNT3TSWBabRM2dglOthRC/czq/HJ5FzKeKwD6rxzHO72CsGZ4Dvat9TAi20ooLOoTPUKhpoNcpBGVfjmVPPaRcZI2BD+Nh4LBrny0plM50/XMCAwEAAaOCAeMwggHfMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQz+s7vmZYP3Vw6l6wq2tZlKOp/mDAnBgNVHREEIDAegg4qLndoYXRzYXBwLmNvbYIMd2hhdHNhcHAuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNS5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGLNjnV3CIW7xT0OhLQQdGVeMnlqTPnsXjVZlP6fKDB1T0uDoRpSHpvZdN8G0U1HFeqcuFAn+U4iLhMwhqOKwHZc6kyMzIgF8t/HnnPgbwPWSDA1GL5mlg+GN16aJK/NOFBmr2PYV6m0O3flVii+VL9H91pGuT6SMfgaLQOuGU92iKcs2EO0gPOu3EautX+MGKxerD9hV4QSLhNt386SY5BE7ssu368XFI1woHZpUTzSR44jmNqZVkZKwxI56W1pMtoCtJz0nV3CURAsm5eD/VP3PdmqcrRWCL5fRx/gVfOPxTR3huyLEk0LpFD0WPyCpZe1NYF20SFhP4jPinwA2xA=-----END CERTIFICATE-----subject=/C=US/ST=California/L=Santa Clara/O=WhatsApp, Inc./CN=*.whatsapp.comissuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA---No client certificate CA names sentServer Temp Key: ECDH, P-256, 256 bits---SSL handshake has read 3022 bytes and written 306 bytes---New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHAServer public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONENo ALPN negotiatedSSL-Session:Protocol : SSLv3Cipher : ECDHE-RSA-AES128-SHASession-ID: AAE9DA17B541DD565A1EB801BA0971F1F032681D8A7DE59735BC0557F17A9E07Session-ID-ctx:Master-Key: A1835B491468B963556730890740F24755C8BA89B48896CBB3616B8C8DBD2E1E1226B89EF023587D8FB629EB8CF0772FKey-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneStart Time: 1491902165Timeout : 7200 (sec)Verify return code: 0 (ok)---
How Much Bounty ?
Sadly, this is not get the bounty.
Unlucky Me.
Comments
Post a Comment