This is an old revision of this page, as edited by Markshale (talk | contribs) at 00:24, 2 March 2016 (== See also == * Bleichenbacher attack). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
The DROWN attack is a security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. Full details of DROWN were announced in March 2016, together with a patch for the exploit.
DROWN exploits a vulnerability in the protocols used and the configuration of the server, rather than any specific implementation error.
The OpenSSL group has released a security advisory and a set of patches intended to mitigate the vulnerability by removing support for obsolete protocols and ciphers. Several other vulnerabilities were patched at the same time.