Categories: US-Cert-Repository

SSLv2 DROWN Attack

Original release date: March 01, 2016 | Last revised: March 03, 2016

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to decrypt individual messages from a server supporting SSLv2.

US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
9 years ago

Recent Posts

CISA Adds One Known Exploited Vulnerability to Catalog

 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

14 hours ago

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…

2 days ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

3 days ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…

4 days ago

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide…

1 week ago

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on May 27, 2025. These advisories provide…

1 week ago

This website uses cookies.