SSLv3 Poodle Vulnerability On *.googlevideo.com


What is the POODLE attack?

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an issue that affects SSL 3.0. If an adversary can modify network transmissions between the client and the server, they can downgrade the connection to SSL 3.0 and then tamper with or decrypt data in transit.

The actual problem stems from the fact that the block cipher padding used with CBC mode in SSL 3.0 is not fully verified during decryption: only the padding length byte is checked, so the receiver cannot tell valid padding from garbage.
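To make "not fully verified" concrete, here is an added illustration that is not part of the original post: it compares the SSL 3.0 padding rule with the TLS 1.0 rule on constructed CBC plaintext blocks (the function names and the seeded sample data are my own assumptions).

```python
import random

BLOCK = 16  # AES block size; the handshake above negotiated AES128-SHA (CBC)


def ssl3_padding_ok(block: bytes) -> bool:
    """SSL 3.0 rule (RFC 6101): the last byte is the padding length and must
    be smaller than the block size. The padding bytes themselves are never
    compared against anything, so their content is invisible to the check."""
    pad_len = block[-1]
    return pad_len < BLOCK and pad_len + 1 <= len(block)


def tls_padding_ok(block: bytes) -> bool:
    """TLS 1.0+ rule (RFC 2246): every padding byte must equal the padding
    length, so garbage in the padding causes the record to be rejected."""
    pad_len = block[-1]
    if pad_len + 1 > len(block):
        return False
    return all(b == pad_len for b in block[-(pad_len + 1):])


def acceptance_rate(check, samples: int = 1000, seed: int = 1) -> float:
    """Fraction of constructed blocks accepted by the given padding rule.

    Each sample has 15 random leading bytes and a last byte of 0x0f, i.e. it
    claims 'this whole block is padding'. A rule that accepts almost all of
    them reveals nothing about the padding content, which is the behaviour
    POODLE turns into a padding oracle; TLS's stricter check does not.
    """
    rng = random.Random(seed)  # seeded so the result is reproducible offline
    accepted = 0
    for _ in range(samples):
        body = bytes(rng.randrange(256) for _ in range(BLOCK - 1))
        if check(body + bytes([BLOCK - 1])):
            accepted += 1
    return accepted / samples


if __name__ == "__main__":
    print("SSL 3.0 accepts:", acceptance_rate(ssl3_padding_ok))
    print("TLS 1.0 accepts:", acceptance_rate(tls_padding_ok))
```

The SSL 3.0 rule accepts every constructed block, while the TLS rule rejects essentially all of them; the only real mitigation is to disable SSLv3 (or enforce TLS_FALLBACK_SCSV) rather than to patch the padding check.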

Is *.googlevideo.com Vulnerable?

Actually, I tested 2 subdomains of googlevideo.com:
  1. r8---sn-2uuxa3vh-n0cl.googlevideo.com
  2. r6---sn-4pvgq-n8ve.googlevideo.com

Steps To Reproduce

openssl s_client -connect r8---sn-2uuxa3vh-n0cl.googlevideo.com:443 -ssl3

Output:

$ openssl s_client -connect r8---sn-2uuxa3vh-n0cl.googlevideo.com:443 -ssl3
CONNECTED(00000158)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googlevideo.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googlevideo.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3401 bytes and written 489 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA
    Session-ID: 8D6C2B71328DE9CA4135012BD199A20B89492386C7CB09619D958DD1EBE9146F
    Session-ID-ctx:
    Master-Key: AD957D638D07E2C706C2949B7F629850CA5FD16CA8A092C1EDD86B913482956B5D9C3D4FF7E8153E04D36D5AEC8C1CC3
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1492528907
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

How much bounty?

Sadly, Google won't fix this bug. :(

