New HTTPS Flaw: “DROWN” Attack

The OpenSSL project recently released a new update to address a critical vulnerability (CVE-2016-0800) dubbed “DROWN”, which stands for “Decrypting RSA using Obsolete and Weakened eNcryption”.

From the OpenSSL security advisory:

“A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).”

In a nutshell, the DROWN attack relies on servers that still support SSLv2. The first variant of the attack targets a server that supports both SSLv2 and TLS. The second variant targets a TLS server that shares its RSA keypair with a separate SSLv2 server: the SSLv2 server can then be used as the oracle to decrypt the TLS server’s traffic, even though the TLS server itself never speaks SSLv2.
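Because both variants need an SSLv2 endpoint somewhere that holds the key, the first thing a defender wants is an inventory check: does any of my own hosts still answer an SSLv2 ClientHello, and does it offer the EXPORT-grade suites the advisory mentions? The following script is an added example, not code from the article or from the OpenSSL project. It builds a minimal SSLv2 ClientHello, parses the SSLv2 ServerHello format, and classifies the reply; the cipher-kind identifiers are the standard SSLv2 values, and the `probe` host/port parameters are the only assumptions.

```python
"""Detect whether an endpoint still accepts SSLv2 (the precondition for DROWN).

Added example, not from the original article. It sends a bare SSLv2 ClientHello
and inspects the reply: an SSLv2 ServerHello means the server still speaks the
obsolete protocol, and the cipher list in that reply shows whether EXPORT-grade
(40-bit) suites are offered as well. A TLS alert or silence means no SSLv2.
"""
import os
import socket
import struct

# SSLv2 cipher-kind identifiers (3 bytes each). The two *_EXPORT40 kinds are
# the weakened suites the OpenSSL advisory refers to.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}

MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04


def build_client_hello(challenge=None):
    """Return an SSLv2 record carrying a ClientHello that offers every SSLv2 cipher kind."""
    challenge = challenge or os.urandom(16)
    ciphers = b"".join(SSLV2_CIPHERS)  # dict iteration yields the 3-byte keys
    # ClientHello: type(1) version(2) cipher_len(2) session_id_len(2) challenge_len(2)
    body = struct.pack(">BHHHH", MSG_CLIENT_HELLO, 0x0002, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    # 2-byte SSLv2 record header: high bit set, 15-bit body length, no padding byte.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data):
    """Classify a raw reply; returns {'sslv2': bool, 'export': bool, 'ciphers': [names]}.

    Anything that is not a well-formed SSLv2 ServerHello (a TLS alert record,
    an empty read, garbage) is reported as sslv2=False.
    """
    result = {"sslv2": False, "export": False, "ciphers": []}
    if len(data) < 2 or not data[0] & 0x80:
        return result  # not a 2-byte SSLv2 record header (TLS records start 0x15/0x16)
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return result
    # ServerHello: type(1) session_id_hit(1) cert_type(1) version(2)
    #              cert_len(2) cipher_len(2) conn_id_len(2) cert ciphers conn_id
    _, _, _, version, cert_len, cipher_len, _ = struct.unpack(">BBBHHHH", body[:11])
    if version != 0x0002:
        return result
    ciphers = body[11 + cert_len:11 + cert_len + cipher_len]
    if len(ciphers) != cipher_len or cipher_len % 3:
        return result  # truncated or malformed cipher list
    kinds = [ciphers[i:i + 3] for i in range(0, cipher_len, 3)]
    result["sslv2"] = True
    result["ciphers"] = [SSLV2_CIPHERS.get(k, k.hex()) for k in kinds]
    result["export"] = any(k in EXPORT_CIPHERS for k in kinds)
    return result


def probe(host, port=443, timeout=5.0):
    """Connect to one of your own host:port pairs, send the ClientHello, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            reply = s.recv(4096)
        except socket.timeout:
            reply = b""  # a modern stack often just drops the connection
    return parse_server_hello(reply)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        r = probe(target)
        if r["sslv2"]:
            status = "ACCEPTS SSLv2" + (" with EXPORT ciphers" if r["export"] else "")
        else:
            status = "no SSLv2"
        print(f"{target}: {status} {r['ciphers']}")
```

Run it as `python drown_check.py host1 host2` against hosts you administer. Two caveats follow directly from the advisory text: the probe only covers a port that speaks TLS immediately, so SMTP, IMAP or POP services behind STARTTLS need the STARTTLS exchange first; and a clean result on the web server is not enough on its own, since the second variant only requires that some other service share the same RSA key, so the same certificate fingerprint has to be traced across every listener it is deployed on.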

This vulnerability can be mitigated by disabling SSLv2 and never reusing keypairs across servers. “But if it’s so easy to mitigate, why is it such a big deal?”, one might ask. According to the DROWN

Source: TheBitcoinNews