SSLv2 – The “Drown” Attack
Just recently there has been a lot of news regarding a vulnerability in SSLv2 (SSL 2.0) that has been named the Drown Attack. You will see articles saying “Drown Attack affects over 1/3 of the world’s websites,” “No one is secure on the internet anymore,” “More than a million sites affected!” and so on. The list goes on and on.
Allow me to calm some fears you may have.
Unless you have NOT touched your server system since 2011, don’t worry. SSLv2, which was created back in 1995, was considered an obsolete protocol back in 2011, and more than likely you are not using it. Because the following…
DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. It allows attackers to break the encryption, enabling them to read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.
On March 01, 2016, the United States Computer Emergency Readiness Team (US-CERT) released this on their website:
Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.
So this really shouldn’t be news since SSLv2 was considered obsolete back in 2011. It was bound to happen sooner or later.
If you do happen to be affected by SSLv2, or would like to double check, Qualys has an amazing SSL checking tool that goes deep into the health of a server system. SSLSupportDesk.com has a great article on how to use and read this checker, featured here.
More information can be found at https://drownattack.com/
© 2020 Acmetek. All Right Reserved.