Categories: US-Cert-Repository

SSLv2 DROWN Attack

Original release date: March 01, 2016 | Last revised: March 03, 2016

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to decrypt individual messages from a server supporting SSLv2.

US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
10 years ago

Recent Posts

Vulnerabilities in MIT Kerberos 5

Systems Affected MIT Kerberos 5 versions prior to krb5-1.3.5 Applications that use versions of MIT…

17 hours ago

Vulnerability in Microsoft Image Processing Component

Systems Affected Applications that process JPEG images on Microsoft Windows, including but not limited to…

2 days ago

Microsoft Windows JPEG component buffer overflow

Systems Affected This vulnerability affects the following Microsoft Windows operating systems by default: Microsoft Windows…

3 days ago

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy,…

4 days ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

5 days ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

6 days ago

This website uses cookies.