Dan on Security
Register | Login
DROWN Attack - Decrypting TLS on Servers with SSLv2 Enabled

Yet another OpenSSL vulnerability with a catchy name: DROWN (or "Decrypting RSA using Obsolete and Weakened eNcryption"). DROWN Attack claims up to 33% of all HTTPS servers might be vulnerable to the attack.

If you're running a web server configured to use SSLv2, and particularly one that's running OpenSSL (even with all SSLv2 ciphers disabled!), you may be vulnerable to a fast attack that decrypts many recorded TLS connections made to that box. Most worryingly, the attack does not require the client to ever make an SSLv2 connection itself, and it isn't a downgrade attack. Instead, it relies on the fact that SSLv2 -- and particularly the legacy "export" ciphersuites it incorporates -- are pure poison, and simply having these active on a server is enough to invalidate the security of all connections made to that device.
So this essentially means that if you have any services with SSLv2 enabled (e.g. mail server) that share the same private key as other non-SSLv2 enabled services (e.g. web), that can be used to decrypt your TLS traffic. Time to check all services have SSLv2 disabled (this means not just disabling the ciphers, but fully disabling SSLv2 and SSLv3).

Tags: ssl vulnerability drown
More from: blog.cryptographyengineering.com

show/hide source |


No comments found :-( To post a comment, please log in