DROWN attack breaks TLS wide open using SSLv2

An international group of researchers has discovered that web traffic encrypted with Transport Layer Security (TLS) can be decrypted if a server also supports the antiquated SSLv2 cryptographic protocol. The researchers estimate that a staggering 33% of HTTPS-enabled sites are vulnerable to this attack, which they call DROWN, for Decrypting RSA using Obsolete and Weakened eNcryption.

While the SSLv2 protocol has long been known to be weak, the attack is significant because traffic encrypted with the stronger TLS protocol is potentially vulnerable. Communication from a client—like a web browser or mail transfer agent—that insists on TLS encryption may still be subject to the DROWN attack if the server it's talking to supports SSLv2. Using the main DROWN attack variant, the researchers say they were able to decrypt a 2048-bit RSA TLS ciphertext in less than 8 hours using just $440 worth of Amazon EC2 resources.

The attack has its own website that includes a technical paper with more details on how it works. Vulnerable services should move to disable SSLv2 support, and the site provides instructions for how to do so for popular software packages like OpenSSL and various web servers. To see if a domain or IP address is vulnerable to DROWN, you can enter it here.
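The remediation check the article points to is simply "does this server still answer an SSLv2 handshake?" The following is an added example (not code from the article, the DROWN researchers, or any of the named tools) that builds an SSLv2 ClientHello, parses the ServerHello an SSLv2-capable server returns, and reports which SSLv2 cipher kinds it offers. The record layout and cipher-kind identifiers follow the SSLv2 draft specification; the `sample_server_hello()` bytes are constructed here for offline demonstration and were not captured from any real host. `probe_sslv2()` needs network access and is the only part that talks to a server.

```python
"""Detect whether a server still negotiates SSLv2, the precondition for DROWN.
Added example; record layout follows the SSLv2 draft specification."""
import socket
import struct
from typing import Optional

# SSLv2 cipher-kind identifiers (3 bytes each) with their names from the SSLv2 draft.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04
SSLV2_VERSION = b"\x00\x02"


def ssl2_record(payload: bytes) -> bytes:
    """Wrap a message in the 2-byte SSLv2 record header (no-padding form):
    high bit set, remaining 15 bits carry the payload length."""
    if len(payload) > 0x7FFF:
        raise ValueError("payload too long for a 2-byte SSLv2 header")
    return struct.pack(">H", 0x8000 | len(payload)) + payload


def record_length(data: bytes) -> Optional[int]:
    """Length field of a 2-byte-header SSLv2 record, or None if the first
    byte does not look like one (a TLS record or alert starts 0x14..0x17)."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    return ((data[0] & 0x7F) << 8) | data[1]


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """ClientHello offering every SSLv2 cipher kind, so any SSLv2-capable
    server has something to accept.  Layout: type, version, cipher-specs
    length, session-id length, challenge length, cipher specs, challenge."""
    specs = b"".join(SSLV2_CIPHERS)
    body = (bytes([MSG_CLIENT_HELLO]) + SSLV2_VERSION
            + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    return ssl2_record(body)


def parse_server_hello(data: bytes) -> Optional[dict]:
    """Return version, offered ciphers and certificate bytes from an SSLv2
    ServerHello, or None when the bytes are not one (TLS alert, TLS record,
    empty read, or a record truncated before the cipher specs)."""
    length = record_length(data)
    if length is None:
        return None
    body = data[2:2 + length]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    # type(1) session-id-hit(1) cert-type(1) version(2) cert-len(2) specs-len(2) conn-id-len(2)
    version = body[3:5]
    cert_len, spec_len, conn_len = struct.unpack(">HHH", body[5:11])
    if len(body) < 11 + cert_len + spec_len + conn_len:
        return None
    cert = body[11:11 + cert_len]
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    ciphers = [SSLV2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
               for i in range(0, len(specs), 3)]
    return {"version": version, "ciphers": ciphers, "certificate": cert}


def sample_server_hello(ciphers=(b"\x01\x00\x80", b"\x07\x00\xc0")) -> bytes:
    """Constructed ServerHello (not captured from any real server): no session
    hit, certificate type 1 (X.509), placeholder certificate, 16-byte conn id."""
    cert = b"<placeholder DER certificate>"
    specs = b"".join(ciphers)
    conn_id = b"\x11" * 16
    body = (bytes([MSG_SERVER_HELLO, 0x00, 0x01]) + SSLV2_VERSION
            + struct.pack(">HHH", len(cert), len(specs), len(conn_id))
            + cert + specs + conn_id)
    return ssl2_record(body)


def probe_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> Optional[dict]:
    """Send one SSLv2 ClientHello to host:port and parse whatever comes back.
    A non-None result means the server still speaks SSLv2 and should have it
    disabled; None means it answered with TLS, an alert, or nothing."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
                if len(data) < 2:
                    continue
                length = record_length(data)
                if length is None or len(data) >= 2 + length:
                    break  # not SSLv2 at all, or the whole record is in hand
        except socket.timeout:
            pass
    return parse_server_hello(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        result = probe_sslv2(sys.argv[1])
        print("SSLv2 offered:", result["ciphers"] if result else "no SSLv2 ServerHello")
    else:
        print(parse_server_hello(sample_server_hello()))
```

Run it with a hostname as the first argument to probe a live server, or with no argument to see the parser applied to the constructed sample. It does not depend on the local OpenSSL build, which matters because OpenSSL releases from 1.1.0 onward no longer compile SSLv2 in, so `openssl s_client -ssl2` is not available on most current systems.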

Comments closed
    • Krogoth
    • 4 years ago

    Internet is a not a secured network.

    It is naive to think otherwise.

    • Jigar
    • 4 years ago

    Almost all my clients have shifted to SHA 2 with TLS 1.1 & 1.2 protocol enabled. Rest of the fall-back protocols are all disabled so this attack was already rectified thanks to Poodle attack.

    • chuckula
    • 4 years ago

    For a little more diagnostic info, you can try the following command in openssl to connect to a URL and verify the presence or absence of SSLv2 support:
    openssl s_client -connect example.com:443 -ssl2

    Using google as an example, here's the first line that shows an error [the error means no SSLv2 support, which is a good thing]:

    > openssl s_client -connect google.com:443 -ssl2
    CONNECTED(00000003)
    139974706300568:error:1407F0E5:SSL routines:ssl2_write:ssl handshake failure:s2_pkt.c:409:

    By contrast, changing the last parameter to -ssl3 or -tls1 works.

      • ColeLT1
      • 4 years ago

      Thanks for this.

      • Klimax
      • 4 years ago

      https://www.ssllabs.com/ can do nice testing. And no CLI involved.... 😀

    • chuckula
    • 4 years ago

    > The attack has its own website

    That is SO 2005. Today it needs its own Youtube channel & Twitter feed to remain relevant with all the other popular network exploits. Then again, it is an attack against SSLv2, so maybe it's intentionally going for the hipster retro angle.

      • Anovoca
      • 4 years ago

      If that is the case then shouldn’t it make a myspace?

        • CuttinHobo
        • 4 years ago

        The retro hipsters have long abandoned MySpace in favor of Geocities.

        If you want to try and beat them to the next step, setup your dial-up BBS today!
