Poodle Attack in Cassandra

The Poodle attack (CVE-2014-3566) exploits SSL 3.0's fallback mechanism to decrypt sensitive data. In Cassandra, this vulnerability surfaces through two primary attack surfaces: the HTTP/REST API (if enabled) and the native CQL transport when SSL is misconfigured. While Cassandra's native protocol (CQL binary) typically uses TLS, the HTTP interface—often exposed for management via tools like cassandra-stress or custom applications—may inherit JVM-wide SSL settings that allow SSL 3.0 negotiation.

An attacker can force a downgrade to SSL 3.0 by manipulating handshake messages. For example, if a Cassandra node's HTTP endpoint (e.g., https://cassandra-node:8080/) runs on a Java version where jdk.tls.disabledAlgorithms does not explicitly exclude SSLv3, the server may accept SSL 3.0 connections. This is exacerbated if load balancers or reverse proxies in front of Cassandra also support SSL 3.0 fallback. Once downgraded, the attacker can exploit the CBC padding oracle to decrypt cookies, tokens, or CQL queries transmitted over the channel.

Cassandra-specific code paths include the org.apache.cassandra.transport.Server class for native transport and the embedded Jetty server for HTTP. If the JVM's SSLContext is initialized without disabling SSLv3—often due to outdated cassandra-env.sh settings—the vulnerability persists. Real-world impact: an attacker could intercept CQL credentials or read data from unencrypted SELECT statements if the HTTP API is used for ad-hoc queries.

Detecting SSL 3.0 support in Cassandra requires testing both the HTTP and native transport endpoints. Manual verification using tools like testssl.sh or nmap --script ssl-enum-ciphers -p 9042,8080 <host> can reveal SSL 3.0 acceptance. However, systematic detection is best integrated into API security workflows. middleBrick's Encryption check actively probes endpoints for protocol downgrade vulnerabilities, including Poodle, by simulating man-in-the-middle attacks that force SSL 3.0 negotiation.

For Cassandra, scan both the native port (9042) and any HTTP management ports (e.g., 8080, 8443). A middleBrick scan returns a per-category breakdown; the Encryption section will flag SSL 3.0 support with a severity rating. For example:

middlebrick scan https://cassandra-cluster.example.com:8080

The report will indicate if the endpoint accepts SSL 3.0, along with remediation guidance. This is critical because Cassandra clusters often expose multiple endpoints—missing one (like a legacy HTTP admin interface) leaves a pivot point for attackers. middleBrick's OpenAPI/Swagger analysis can also detect if the API spec declares HTTPS without enforcing TLS 1.2+, cross-referencing runtime behavior.

Remediation requires disabling SSL 3.0 at the JVM and Cassandra configuration levels. For the native CQL transport, ensure cassandra.yaml enforces TLS 1.2+:

For the HTTP interface (if used), configure the embedded Jetty server or reverse proxy to disable SSLv3. In cassandra-env.sh, add JVM-wide restrictions:

JVM_OPTS="$JVM_OPTS -Dhttps.protocols=TLSv1.2,TLSv1.3"
JVM_OPTS="$JVM_OPTS -Djdk.tls.disabledAlgorithms=SSLv3,RC4,MD5withRSA"

If using a load balancer (e.g., HAProxy), ensure its ssl-default-bind-ciphers excludes SSLv3. After changes, restart Cassandra nodes and re-run middleBrick scans to confirm the Encryption score improves. Continuous monitoring via middleBrick's Pro plan can alert if SSL 3.0 reappears due to configuration drift.