Revision as of 00:24, 2 March 2016 (edit by Markshale)
The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure SSLv2 protocol to attack connections that use up-to-date protocols and would otherwise be secure. Full details of DROWN were announced in March 2016, together with a patch for the exploit.
DROWN exploits a vulnerability in the protocols used and the configuration of the server, rather than any specific implementation error.
The OpenSSL group has released a security advisory and a set of patches intended to mitigate the vulnerability by removing support for obsolete protocols and ciphers. Several other vulnerabilities were patched at the same time.
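As an added illustration (not part of the original article or of any OpenSSL patch), the following Python code scans server configuration text for protocol directives that leave SSLv2 enabled, the server-side condition DROWN relies on. The sample configuration is constructed, and treating mod_ssl's `all` as including SSLv2 is an assumption that holds only for older mod_ssl releases.

```python
import re

# Constructed sample configuration lines (not taken from any real server).
SAMPLE_CONFIG = """\
# nginx-style
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
# Apache mod_ssl-style
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all
SSLProtocol -all +TLSv1.2
"""

# Matches the nginx and mod_ssl protocol directives; arguments stop at ';' or '#'.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)


def sslv2_enabled(directive, args):
    """Return True if the directive's arguments leave SSLv2 switched on."""
    tokens = args.split()
    if directive.lower() == "ssl_protocols":
        # nginx: a plain list of enabled protocol names.
        return any(tok.lower() == "sslv2" for tok in tokens)
    # mod_ssl: tokens apply left to right; '+' adds, '-' removes,
    # and a bare token replaces whatever was set before it.
    # Assumption: 'all' includes SSLv2, as in older mod_ssl releases.
    enabled = False
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        covers_v2 = tok.lstrip("+-").lower() in ("sslv2", "all")
        if sign == "-":
            enabled = enabled and not covers_v2
        elif sign == "+":
            enabled = enabled or covers_v2
        else:
            enabled = covers_v2
    return enabled


def audit(config_text):
    """Return (line number, directive text) for each line that enables SSLv2."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match and sslv2_enabled(match.group(1), match.group(2)):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, text in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: SSLv2 enabled by '{text}'")
```

The check covers only explicit directives; a server with no such directive falls back to version-specific defaults, which this code does not model.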
References
- Leyden, John (1 March 2016). "One-third of all HTTPS websites open to DROWN attack". The Register. Retrieved 2016-03-02.
- Goodin, Dan (1 March 2016). "More than 11 million HTTPS websites imperiled by new decryption attack". Ars Technica. Retrieved 2016-03-02.
- "Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)". OpenSSL. 1 March 2016.
See also
- Bleichenbacher attack