Temple University

In The News

DROWN Vulnerability Still Unpatched by Most Cloud Services, SecurityWeek News – March 11, 2016

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) enables man-in-the-middle attackers to intercept, crack and modify encrypted traffic. By exploiting HTTPS servers that still use the SSLv2 protocol to encrypt connections, attackers can gain access to the SSL secret encryption key, which may be reused by more secure TLS services running on the same machines (17% of HTTPS servers) as well as by HTTPS services running on additional servers (another 16% of HTTPS servers). The threat to SSL and TLS encryption is thought to affect 2.3 million HTTPS servers (1/4 of the top 1 million HTTPS domains and 1/3 of all HTTPS websites). Cloud providers appear to be slow in patching the DROWN vulnerability.

http://www.securityweek.com/drown-vulnerability-still-unpatched-most-cloud-services

https://drownattack.com/
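
The key-reuse exposure described above can be checked against a service inventory. The following is an added example, not code from the article or from the DROWN researchers; the inventory rows, host names and key fingerprints are constructed, and `classify_drown_exposure` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed sample inventory (not real scan data): one row per listening service.
# "key_fp" stands for a fingerprint of the RSA public key the service presents.
INVENTORY = [
    {"host": "www.example.test",  "port": 443, "protocols": {"TLSv1.2"},          "key_fp": "fp-A"},
    {"host": "mail.example.test", "port": 465, "protocols": {"SSLv2", "TLSv1.0"}, "key_fp": "fp-A"},
    {"host": "api.example.test",  "port": 443, "protocols": {"TLSv1.2"},          "key_fp": "fp-B"},
    {"host": "old.example.test",  "port": 443, "protocols": {"SSLv2", "TLSv1.0"}, "key_fp": "fp-C"},
]


def classify_drown_exposure(inventory):
    """Return {(host, port): (status, other_sslv2_endpoints_with_same_key)}.

    status is "direct"    if the service itself accepts SSLv2,
              "key-reuse" if it is TLS-only but its key is also served over SSLv2 elsewhere,
              "ok"        otherwise.
    """
    # Index every SSLv2-enabled endpoint by the key it presents.
    sslv2_by_key = defaultdict(list)
    for svc in inventory:
        if "SSLv2" in svc["protocols"]:
            sslv2_by_key[svc["key_fp"]].append((svc["host"], svc["port"]))

    result = {}
    for svc in inventory:
        endpoint = (svc["host"], svc["port"])
        # Other endpoints that expose this same key over SSLv2.
        sharers = [e for e in sslv2_by_key.get(svc["key_fp"], []) if e != endpoint]
        if "SSLv2" in svc["protocols"]:
            status = "direct"
        elif sharers:
            status = "key-reuse"
        else:
            status = "ok"
        result[endpoint] = (status, sharers)
    return result


if __name__ == "__main__":
    for (host, port), (status, sharers) in classify_drown_exposure(INVENTORY).items():
        note = f" (key also served over SSLv2 by {sharers})" if sharers else ""
        print(f"{host}:{port} -> {status}{note}")
```

A service marked `key-reuse` stays exposed until SSLv2 is disabled on every endpoint listed as sharing its key.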

 

 
